Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google search results getting redirected

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Google search results getting redirected

Unread postby djimmy » January 14th, 2010, 4:21 am

Hello, I'm hoping someone can help me with the following problem. I was infected with the IS2010 worm recently, ran MalwareBytes which seemed to remove it for the most part, however I'm still having my search results redirected to random sites periodically. I've also had a program start crashing on startup persistently that worked fine before (Fiesta Download Manager) - unsure if that is related or not. Thanks for any help!

My HijackThis log and Uninstall List below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:50 PM, on 1/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Documents and Settings\gary\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://citrix.phsa.ca/Citrix/MetaFrame/auth/login.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\gary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\gary\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5743790203
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe

--
End of file - 9318 bytes


Absolute Pitch 2.24
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
Antares Autotune DX v4.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Best Service Artist Grooves
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Citrix XenApp Web Plugin
Conexant HD Audio
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DrillDraw version 6.4.1
EA Download Manager
Fiesta Download Manager
foldit
Google Earth
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Game Console and games
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP QuickPlay 2.0
HP Rhapsody
HP Software Update
HP Update
HP User Guides 0009
HP User Guides--System Recovery
HP Wireless Assistant 2.00 B3
Hydrogen
ImgResizer
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 10
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
KRISTAL Audio Engine
LeechFTP
LiveUpdate 3.0 (Symantec Corporation)
LoudMo Contextual Ad Assistant
MagicDisc 2.5.74
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mixxx 1.7.1
Mozilla Firefox (2.0.0.20)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
muvee autoProducer 4.5
Native Instruments B4
Native Instruments Service Center
Native Instruments Service Center
Picture Resize 4.5
Quick Launch Buttons 5.20 F2
Quicken 2006
QuickTime
RealPlayer
REAPER
RocketDock 1.3.5
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SmartAudio
Snowboard SuperJam
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic Foundry ACID Pro 3.0
Sonic MyDVD Plus
Sonic Update Manager
Stellarium 0.9.0
SUPER © Version 2007.bld.23 (July 4, 2007)
Symantec KB-DocID:2003093015493306
Synaptics Pointing Device Driver
TC Near - Konnekt
TweetDeck
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977839)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6d
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VoiceOver Kit
WhenU Save
WinAce Archiver
Windows Driver Package - MicroVision (Mvc25U870_VID_1262&PID_25FD) Image (11/30/2005 1.0.1.1)
Windows Driver Package - TC Electronic (TCNear) MEDIA (05/20/2009 3.4.1.5782)
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
Wireless Home Network Setup
Xvid 1.1.3 final uninstall
djimmy
Active Member
 
Posts: 7
Joined: January 14th, 2010, 4:00 am
Advertisement
Register to Remove

Re: Google search results getting redirected

Unread postby MWR 3 day Mod » January 17th, 2010, 8:20 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Google search results getting redirected

Unread postby Carolyn » January 20th, 2010, 4:15 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. The logs that you will be posting can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool untill instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.


Step 1

Image
Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Step 2

Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.

Double click on gmer.exe to run it. It will start running a scan. If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes.

  • When done, you may receive another notice. Click OK.
  • Click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

If you receive no notice, click on the Scan button.

  • It will start scanning again.
  • When done, click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

Note: Do not run any programs while Gmer is running.

In your next reply, please post:

  1. DDS.txt
  2. Attach.txt
  3. Gmer.txt
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Google search results getting redirected

Unread postby djimmy » January 21st, 2010, 7:42 pm

Hi Carolyn - thanks for your reply. Requested logs attached below:


DDS (Ver_09-12-01.01) - NTFSx86
Run by gary at 22:31:25.87 on Wed 01/20/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.322 [GMT -8:00]

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\gary\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Documents and Settings\gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\gary\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\gary\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://citrix.phsa.ca/Citrix/MetaFrame/auth/login.aspx
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
EB: &Save Branding Window: {2c5a7a51-7e8d-497e-852a-d63ad9014e14} - %SystemRoot%\system32\shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\gary\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [DetectorApp] c:\program files\sonic\digitalmedia plus v7\mydvd plus\DetectorApp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\gary\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\gary\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\gary\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\gary\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxp://h20278.www2.hp.com/HPISWeb/Custo ... anager.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 5743790203
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gary\applic~1\mozilla\firefox\profiles\b7xlvhi2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: LoudMo Contextual Ad Assistant: No Registry Reference - c:\program files\mozilla firefox\extensions\{6f2c13bc-306d-ffd0-035f-78918abbb4d4}
FF - HiddenExtension: Internal security: No Registry Reference - c:\program files\mozilla firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-12 64288]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-4-4 1247600]
S3 TCNear;TC Near;c:\windows\system32\drivers\TCNear.sys [2009-10-3 121216]
S3 TCNearAudio;TC Near Audio;c:\windows\system32\drivers\TCNearAudio.sys [2009-10-3 21504]
S3 TCNearMidi;TC Near MIDI;c:\windows\system32\drivers\TCNearMidi.sys [2009-10-3 24064]

=============== Created Last 30 ================

2010-01-14 07:52:15 0 d-----w- c:\program files\Trend Micro
2010-01-14 07:46:07 0 d-----w- c:\program files\Fiesta Download Manager
2010-01-13 07:20:50 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-13 06:01:06 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-13 04:38:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 03:09:42 0 d-----w- c:\docume~1\gary\applic~1\Malwarebytes
2010-01-12 03:09:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 03:09:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-12 03:09:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-12 03:09:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-11 07:52:26 0 d-----w- c:\windows\pss
2010-01-11 01:36:04 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-11 01:15:03 621944 ----a-w- C:\pskill.exe
2010-01-11 01:15:03 125744 ----a-w- C:\pslist.exe
2010-01-10 23:17:47 767488 ----a-w- c:\windows\system32\drivers\dcqasxgf.sys
2010-01-10 22:22:48 118256 ----a-w- c:\windows\system32\Hq-MH_FJB.exe
2010-01-10 22:21:45 0 d-sh--w- c:\documents and settings\gary\.COMMgr
2010-01-10 22:21:27 0 d-sh--w- c:\docume~1\gary\applic~1\SystemProc
2009-12-27 03:41:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Fiesta Download Manager
2009-12-27 00:40:15 0 d-----w- c:\program files\iPod
2009-12-27 00:40:05 0 d-----w- c:\program files\iTunes
2009-12-27 00:40:05 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-27 00:35:47 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-12-27 00:35:47 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-12-27 00:33:09 0 d-----w- c:\program files\Bonjour
2009-12-26 03:32:40 1183744 ----a-w- c:\windows\system32\_-rC-GC7kT-.dll

==================== Find3M ====================

2010-01-14 03:40:45 874240 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-10-29 07:46:59 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ------w- c:\windows\system32\corpol.dll
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 -csh--r- c:\windows\system32\msfDX.dll
2009-10-01 05:23:13 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009093020091001\index.dat

============= FINISH: 22:33:17.71 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/4/2007 7:04:53 PM
System Uptime: 1/20/2010 1:12:37 AM (21 hours ago)

Motherboard: Quanta | | 30A0
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | U2E1 | 1663/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 66 GiB total, 4.639 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Absolute Pitch 2.24
Ad-Aware
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
Antares Autotune DX v4.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AutoUpdate
Best Service Artist Grooves
BitTorrent
Bonjour
Broadcom 802.11 Wireless LAN Adapter
BufferChm
Citrix XenApp Web Plugin
Conexant HD Audio
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Destinations
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DNA
DrillDraw version 6.4.1
Dropbox
EA Download Manager
Fiesta Download Manager
foldit
FullDPAppQFolder
Google Chrome
Google Earth
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Game Console and games
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP QuickPlay 2.0
HP Rhapsody
HP Software Update
HP Update
HP User Guides--System Recovery
HP User Guides 0009
HP Wireless Assistant 2.00 B3
Hydrogen
ImgResizer
InstantShareDevices
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 10
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
KRISTAL Audio Engine
LeechFTP
LightScribe 1.4.105.1
LiveUpdate 3.0 (Symantec Corporation)
LoudMo Contextual Ad Assistant
MagicDisc 2.5.74
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mixxx 1.7.1
Mozilla Firefox (2.0.0.20)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
muvee autoProducer 4.5
Native Instruments B4
Native Instruments Service Center
Octoshape add-in for Adobe Flash Player
OptionalContentQFolder
PhotoGallery
Picture Resize 4.5
Quick Launch Buttons 5.20 F2
Quicken 2006
QuickTime
RandMap
RealPlayer
REAPER
RocketDock 1.3.5
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SkinsHP1
SmartAudio
Snowboard SuperJam
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic Foundry ACID Pro 3.0
Sonic MyDVD Plus
Sonic Update Manager
Sonic_PrimoSDK
Stellarium 0.9.0
SUPER © Version 2007.bld.23 (July 4, 2007)
Symantec KB-DocID:2003093015493306
Synaptics Pointing Device Driver
TC Near - Konnekt
TweetDeck
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977839)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6d
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VoiceOver Kit
WebFldrs XP
WhenU Save
WinAce Archiver
Windows Driver Package - MicroVision (Mvc25U870_VID_1262&PID_25FD) Image (11/30/2005 1.0.1.1)
Windows Driver Package - TC Electronic (TCNear) MEDIA (05/20/2009 3.4.1.5782)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
Wireless Home Network Setup
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.3 final uninstall

==== Event Viewer Messages From Past Week ========

1/18/2010 10:14:17 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
1/16/2010 1:01:29 AM, error: Service Control Manager [7034] - The Symantec Core LC service terminated unexpectedly. It has done this 1 time(s).
1/15/2010 8:08:12 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00130229782C. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
1/13/2010 7:51:22 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
1/13/2010 7:51:22 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-21 15:23:54
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\gary\LOCALS~1\Temp\awtyikod.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF766087E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7660BFE]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\iaStor.sys entry point in ".rsrc" section [0xF7475D24]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device -> \Driver\iaStor \Device\Harddisk0\DR0 86E85841

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----
djimmy
Active Member
 
Posts: 7
Joined: January 14th, 2010, 4:00 am

Re: Google search results getting redirected

Unread postby Carolyn » January 21st, 2010, 9:49 pm

Hello djimmy,

With reference to Malware Removal P2P Programs Policy, please uninstall the following program before we continue:

  1. Click on Start > Control Panel and double click on Add/Remove Programs.
  2. Locate BitTorrent and click on the Change/Remove button to uninstall it.
  3. Close Add/Remove Programs and Control Panel when done.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Google search results getting redirected

Unread postby djimmy » January 22nd, 2010, 12:04 am

Absolute Pitch 2.24
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
Antares Autotune DX v4.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Best Service Artist Grooves
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Citrix XenApp Web Plugin
Conexant HD Audio
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DrillDraw version 6.4.1
EA Download Manager
Fiesta Download Manager
foldit
Google Earth
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Game Console and games
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP QuickPlay 2.0
HP Rhapsody
HP Software Update
HP Update
HP User Guides 0009
HP User Guides--System Recovery
HP Wireless Assistant 2.00 B3
Hydrogen
ImgResizer
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 10
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
KRISTAL Audio Engine
LeechFTP
LiveUpdate 3.0 (Symantec Corporation)
LoudMo Contextual Ad Assistant
MagicDisc 2.5.74
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mixxx 1.7.1
Mozilla Firefox (2.0.0.20)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
muvee autoProducer 4.5
Native Instruments B4
Native Instruments Service Center
Native Instruments Service Center
Picture Resize 4.5
Quick Launch Buttons 5.20 F2
Quicken 2006
QuickTime
RealPlayer
REAPER
RocketDock 1.3.5
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SmartAudio
Snowboard SuperJam
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic Foundry ACID Pro 3.0
Sonic MyDVD Plus
Sonic Update Manager
Stellarium 0.9.0
SUPER © Version 2007.bld.23 (July 4, 2007)
Symantec KB-DocID:2003093015493306
Synaptics Pointing Device Driver
TC Near - Konnekt
TweetDeck
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977839)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6d
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VoiceOver Kit
WhenU Save
WinAce Archiver
Windows Driver Package - MicroVision (Mvc25U870_VID_1262&PID_25FD) Image (11/30/2005 1.0.1.1)
Windows Driver Package - TC Electronic (TCNear) MEDIA (05/20/2009 3.4.1.5782)
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
Wireless Home Network Setup
Xvid 1.1.3 final uninstall
djimmy
Active Member
 
Posts: 7
Joined: January 14th, 2010, 4:00 am

Re: Google search results getting redirected

Unread postby Carolyn » January 22nd, 2010, 8:08 am

Hello,

Download and Run ComboFix (by sUBs)

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Google search results getting redirected

Unread postby djimmy » January 23rd, 2010, 1:36 am

ComboFix 10-01-21.08 - gary 01/22/2010 20:48:41.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.511 [GMT -8:00]
Running from: c:\documents and settings\gary\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\gary\Application Data\SystemProc
c:\documents and settings\gary\Start Menu\Programs\Startup\MagicDisc.lnk
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
C:\test.txt
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\driVERs\dcqasxgf.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Legacy_dcqasxgf
-------\Service_dcqasxgf


((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 )))))))))))))))))))))))))))))))
.

2010-01-14 07:52 . 2010-01-14 07:52 -------- d-----w- c:\program files\Trend Micro
2010-01-14 07:46 . 2010-01-14 07:46 -------- d-----w- c:\program files\Fiesta Download Manager
2010-01-13 07:20 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-13 06:01 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-13 04:38 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 03:09 . 2010-01-12 03:09 -------- d-----w- c:\documents and settings\gary\Application Data\Malwarebytes
2010-01-12 03:09 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 03:09 . 2010-01-12 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-12 03:09 . 2010-01-12 03:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 03:09 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-11 02:16 . 2010-01-12 03:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-11 01:36 . 2010-01-13 05:57 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-11 01:15 . 2009-12-01 18:52 621944 ----a-w- C:\pskill.exe
2010-01-11 01:15 . 2006-12-05 01:53 125744 ----a-w- C:\pslist.exe
2010-01-10 22:22 . 2010-01-10 22:22 118256 ----a-w- c:\windows\system32\Hq-MH_FJB.exe
2010-01-10 22:21 . 2010-01-12 03:36 -------- d-sh--w- c:\documents and settings\gary\.COMMgr
2009-12-27 03:41 . 2010-01-14 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Fiesta Download Manager
2009-12-27 00:40 . 2009-12-27 00:40 -------- d-----w- c:\program files\iPod
2009-12-27 00:40 . 2009-12-27 02:07 -------- d-----w- c:\program files\iTunes
2009-12-27 00:40 . 2009-12-27 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-27 00:37 . 2009-12-27 00:38 -------- d-----w- c:\program files\QuickTime
2009-12-27 00:35 . 2009-08-29 03:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-12-27 00:35 . 2009-08-29 03:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-12-27 00:33 . 2009-12-27 00:33 -------- d-----w- c:\program files\Bonjour
2009-12-26 03:32 . 2009-12-26 03:32 1183744 ----a-w- c:\windows\system32\_-rC-GC7kT-.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 05:08 . 2009-04-29 01:36 -------- d-----w- c:\documents and settings\gary\Application Data\Dropbox
2010-01-23 05:08 . 2008-11-15 21:32 -------- d-----w- c:\program files\DNA
2010-01-23 05:08 . 2008-11-15 21:32 -------- d-----w- c:\documents and settings\gary\Application Data\DNA
2010-01-22 04:01 . 2007-08-15 20:26 -------- d-----w- c:\documents and settings\gary\Application Data\BitTorrent
2010-01-22 04:01 . 2007-08-15 20:26 -------- d-----w- c:\program files\BitTorrent
2010-01-22 00:02 . 2010-01-13 06:00 372280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-01-22 00:02 . 2010-01-22 00:02 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-01-22 00:02 . 2010-01-13 05:58 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-21 06:38 . 2009-06-03 06:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 03:40 . 2005-11-23 00:50 874240 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-01-14 02:51 . 2007-07-28 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-13 07:20 . 2007-04-15 08:34 -------- d-----w- c:\program files\WinAce
2010-01-13 06:00 . 2010-01-13 06:00 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-13 06:00 . 2010-01-13 06:00 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-13 06:00 . 2010-01-13 06:00 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-13 06:00 . 2010-01-13 06:00 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-13 06:00 . 2010-01-13 06:00 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-13 05:59 . 2010-01-13 05:59 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-13 05:59 . 2010-01-13 05:58 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-13 05:58 . 2010-01-13 05:58 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-13 05:58 . 2010-01-13 05:58 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-13 05:58 . 2010-01-13 05:58 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-13 05:58 . 2010-01-13 05:58 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-13 05:56 . 2009-10-10 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-12 03:36 . 2009-03-10 03:53 -------- d-----w- c:\documents and settings\gary\Application Data\Save
2010-01-05 10:00 . 2004-08-04 20:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 20:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 20:00 17408 ------w- c:\windows\system32\corpol.dll
2010-01-02 00:33 . 2007-04-16 02:17 -------- d-----w- c:\documents and settings\gary\Application Data\Apple Computer
2009-12-27 02:02 . 2009-11-11 21:08 79488 ----a-w- c:\documents and settings\gary\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-27 01:55 . 2008-03-04 04:56 -------- d-----w- c:\program files\Apple Software Update
2009-12-27 00:40 . 2008-03-04 04:55 -------- d-----w- c:\program files\Common Files\Apple
2009-12-27 00:34 . 2009-12-27 00:34 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-12 07:44 . 2009-12-12 07:44 79488 ----a-w- c:\documents and settings\Melanie\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-11 07:33 . 2009-12-11 07:33 -------- d-----w- c:\program files\Mixxx
2009-12-07 14:10 . 2010-01-13 05:57 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-11-21 15:51 . 2004-08-04 20:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-10 04:48 . 2007-04-20 02:49 107640 -c--a-w- c:\documents and settings\Melanie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-02 23:02 . 2007-04-06 20:12 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-09-02 23:02 . 2007-04-06 20:12 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-09-02 23:02 . 2007-04-06 20:12 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-09-02 23:02 . 2007-04-06 20:12 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-09-02 23:02 . 2007-04-06 20:12 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-17 00:42 . 2008-08-17 00:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-17 00:42 . 2008-08-17 00:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-17 00:42 . 2008-08-17 00:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-17 00:42 . 2008-08-17 00:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-17 00:43 . 2008-08-17 00:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-17 00:42 . 2008-08-17 00:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-17 00:42 . 2008-08-17 00:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 15:41 . 2008-05-21 15:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 15:41 . 2008-05-21 15:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 15:41 . 2008-05-21 15:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 20:58 . 2008-06-05 20:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-17 00:42 . 2008-08-17 00:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2006-05-03 09:06 . 2007-09-24 05:26 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2007-09-24 05:26 31232 -csh--r- c:\windows\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\documents and settings\gary\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\documents and settings\gary\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\documents and settings\gary\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\gary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-07 323392]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 761945]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-05-18 233534]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"DetectorApp"="c:\program files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe" [2005-10-20 102400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-29 144792]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-06-26 185896]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]

c:\documents and settings\gary\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\gary\Application Data\Dropbox\bin\Dropbox.exe [2009-8-30 26784939]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2005-12-07 17:56 409600 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-03-23 18:13 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 20:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LeechFTP\\Leechftp.exe"=
"c:\\Documents and Settings\\gary\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/12/2010 10:01 PM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 5:19 AM 1181328]
S3 TCNear;TC Near;c:\windows\system32\drivers\TCNear.sys [10/3/2009 10:17 PM 121216]
S3 TCNearAudio;TC Near Audio;c:\windows\system32\drivers\TCNearAudio.sys [10/3/2009 10:17 PM 21504]
S3 TCNearMidi;TC Near MIDI;c:\windows\system32\drivers\TCNearMidi.sys [10/3/2009 10:17 PM 24064]
.
Contents of the 'Scheduled Tasks' folder

2010-01-23 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:02]

2010-01-23 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:02]

2010-01-23 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:02]

2010-01-23 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:02]

2010-01-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:02]

2009-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:34]

2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1229272821-682003330-1004Core.job
- c:\documents and settings\gary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 02:01]

2010-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1229272821-682003330-1004UA.job
- c:\documents and settings\gary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 02:01]
.
.
------- Supplementary Scan -------
.
uStart Page = https://citrix.phsa.ca/Citrix/MetaFrame/auth/login.aspx
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\gary\Application Data\Mozilla\Firefox\Profiles\b7xlvhi2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Internet Security 2010 - c:\program files\InternetSecurity2010\IS2010.exe
MSConfigStartUp-LREC75DND7 - c:\docume~1\gary\LOCALS~1\Temp\c.exe
MSConfigStartUp-Save - c:\documents and settings\gary\Application Data\Save\Save.exe
MSConfigStartUp-WhenUSave - c:\program files\Save\Save.exe
MSConfigStartUp-ygua8e7yhuiesfha876yfauy8fe - c:\docume~1\gary\LOCALS~1\Temp\ufx48.exe
AddRemove-WhenUSaveMsg - c:\program files\Save\SaveUninst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-22 21:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?2?8?2??p???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-527237240-1229272821-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:5b,49,98,2b,0b,c0,d2,05,22,ee,95,77,c4,e4,c0,9e,9c,4e,f2,19,4a,
6f,b7,65,8c,f2,23,84,2e,67,09,e9,ad,40,84,b5,9e,f2,bc,a0,04,99,cf,40,66,6e,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(1044)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3116)
c:\windows\system32\WININET.dll
c:\program files\RocketDock\RocketDock.dll
c:\documents and settings\gary\Application Data\Dropbox\bin\DropboxExt.3.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\progra~1\HPQ\SHARED\HPQTOA~1.EXE
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-01-22 21:21:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-23 05:21

Pre-Run: 6,511,820,800 bytes free
Post-Run: 7,757,443,072 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 822C81A08F5D182773ECE6CBCE0A28FA
djimmy
Active Member
 
Posts: 7
Joined: January 14th, 2010, 4:00 am

Re: Google search results getting redirected

Unread postby Carolyn » January 24th, 2010, 1:56 pm

Hello djimmy,

Run a custom CFScript

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Code: Select all
File::
c:\windows\system32\Hq-MH_FJB.exe
c:\windows\system32\_-rC-GC7kT-.dll

Folder::
c:\documents and settings\gary\.COMMgr
c:\documents and settings\gary\Application Data\BitTorrent
c:\program files\BitTorrent

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=-


Save this as CFScript.txt, in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


===============

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

===============

Please post the following in you next reply:
  • The ComboFix log
  • The Kaspersky log
  • A description of how your computer is behaving
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Google search results getting redirected

Unread postby djimmy » January 24th, 2010, 11:07 pm

Requested logs below. The redirects seem to have stopped happening now.


ComboFix 10-01-21.08 - gary 01/24/2010 13:28:57.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.185 [GMT -8:00]
Running from: c:\documents and settings\gary\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\gary\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FILE ::
"c:\windows\system32\_-rC-GC7kT-.dll"
"c:\windows\system32\Hq-MH_FJB.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\gary\.COMMgr
c:\documents and settings\gary\Application Data\BitTorrent
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\045c46ea175fc84db4f5fcc3c556afefb6c33d07
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\086a31c057427a05f210230e26cbc9ab64c8be25
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\0a080e7b1e7bd8ba5b7eed1c4541f90af06c7d62
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\0f031c142c2e754b81edbf759a4419c838be3d59
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\1509244f98aa674a9c994486bdca015c5d5af57b
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\1565e4ffdc6f13f9ce8fe4c41aa342c30c7b3651
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\1642e46bb65fcced363cc1409ffb5bc97cac16e5
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\17e81bf7bea2ddec706598929e58d0f3e37c5446
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\189ccd8005c5e880ebf4b7e39d30d8508785a255
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\1cf19150a5da687b91dcc66d570fdf2b612b9617
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\20ba9e010c8426042d679091b5194424226a4405
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\21247af396111682b646f3d1edaf82e643fc1d0f
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\23aa983c0ec95518c8ef41d13bc1ed3b729b5d58
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\23fbaba444e81f1a7e61d3f54b07e4ad69b6a240
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\270bd2fe0c8527235605f0db741aa12a5dea068b
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\2d6e69b27f51f9fa8a1616592433ca1c7354a4a1
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\2dd085c82c7b217273346a21291b7529df08ee6d
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\2dd19e188832e57ff728ac8f1d570a0fea57a4fc
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\2f51c5b7ffc5e8695b7f31035e360345d13651d6
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\3206eac7d21634da721f569a50df271394e37b79
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\34c82d4c1c0f080e6da7e6c2853a3a306fa7edbb
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\36992b34bc951704a9b433d619ec4c0014912975
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\375f767f9ec1527d26aac64381ea53557dd2f8b8
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\3909940d4630672ef42ccfa2083a0b86c7dc9076
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\39e356aebc3bfa905348f7a4feee91d5c08320f7
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\3fd958750d71ab7ac00b40d9790ed077a621f96b
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\4534e9251f81e1b79e9a1c86d7ac0733b5e0fb0f
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\461e24491906f273c042b7d3f18997905c442ef8
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\4716f60f7a38714f6dda8eac3c2d51b2c09bfaaa
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\47b6887eef65ac99b368dd39689e34d97a4a6a15
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\4822aec577c0ff08109cd9cec1a3c55cc78a66a6
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\49c8cb1a3cf0765683ca84976bcceaffdc3aff0f
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\4a20035e360f9c6b48daaf324f8fd2810bd50597
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\4ae614a0a3b8e382e22d7024bd2753cedfb48511
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\518dc68b57fca4be162bd1d57fd6325170a24b4e
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\5a01362fdad72384cb4b750e6dab0a9fdff34053
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\5d3ff99cffbb74029f6420399900bd06525ef0c7
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\5d5769ed94ce7de58fb4647c412a79608e84657c
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\5ef258074fc714f31bc5fe3ffc6e941cbb8e64fe
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\61a88b2f9f2c37c2ca457acf72b67440682a800c
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\6332a95157686fa161adca8a8e4b82ce99b04df8
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\63b3a58d07a16fd8421b407b63ff419eeb4962f0
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\64a717fcd876c99683be23d052fb531dfec7ea08
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\67067c1a2a96bb7ca5a382e461f2c33a84651185
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\6ad6a4fbf5a6f65763293a0e273cebd065b2a42b
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\6e20d70dbc099bfec7f78cac3f200c99b3e03174
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\6f73febe4d91b2d984b1cf27db2dfba310c4a4d2
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\704d5c0568eaa624b869cce6bb8029473560130e
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\7b1deaa6c7f2bbd5d1600a4fcc01ed72d8484da6
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\833c7fd0fd0649b9a00e5b4724ab3d066ca006f9
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\84e77433942eaf2168416b727f766edc222b1a4a
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\8769572df71319c3a934f0c5b377fc9459ace438
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\8a8dd938508a08ac973a4005af8ab217f90bb823
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\8e08825f850715dee5892b86a5ba528f564fe521
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\914d7a595ba65e0a88a9cccb3303fff68db9370e
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\9b2844847a4659c5bf66f81ca8bb48f70cbd8496
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\9c0cd0ddf35fa628a3040b21a35094f1a20fc76f
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\9da6481a31635d38011ef1c8db1e93bef32cf01b
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\a887b0b4094175347163728bc9ec411b9b8247f5
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\b4b1f6d9ca772b6f93bf22322b992b2c78e64283
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\c33d5b2f72a1a7f2726ab938923e3add99e8c66c
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\cd1593cd622b8bb3f88a6eb8066ce28a9f3a754e
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\ceb7bd19d681061d6105ce02e6e948dce9802833
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\cf0f501ad4c552f68354d0878bc7f3084fbf5ade
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\cfad5eebb0c90d3ff7e1f9d3075ee1f0004ed8e5
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\d85e19abb40967ab030acabb782ba5bb8be90165
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\d97bac576508273b1ed98acd212b9a982e83a4c4
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\dc56a62bcf5592b602b413381ccbf1d90a691b3c
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\e7ef4506f0d9c69ddde0c952cfbe36358e4837b2
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\e81c47c31ce758ec54b966b6abd03a8d26c46872
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\e82e1a93eedd8bbdd7a337e879a32a89fde43b8b
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\eb94baad83cdc4a00c0dc91df6914081bbc3483b
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\ed7d76c80548b45e1af3cd14ce172a4fc06c3702
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\edf0b2005d263c385ad6031496feae8dbcff851b
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\efa5446e585b9b7fa5e91550144e1f0394d2eee5
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\f23aa004317affa7c8483d598d563fe5dd55bb18
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\ff41b50295fe656f279df0012edb66f4c6033404
c:\documents and settings\gary\Application Data\BitTorrent\data\metainfo\ff79de12ee812b870bd0f4a3eca8cd6eb1b5bb8a
c:\documents and settings\gary\Application Data\BitTorrent\data\resume\efa5446e585b9b7fa5e91550144e1f0394d2eee5
c:\documents and settings\gary\Application Data\BitTorrent\data\routing_table
c:\documents and settings\gary\Application Data\BitTorrent\data\torrents\efa5446e585b9b7fa5e91550144e1f0394d2eee5
c:\documents and settings\gary\Application Data\BitTorrent\data\ui_config
c:\documents and settings\gary\Application Data\BitTorrent\data\ui_state
c:\program files\BitTorrent
c:\program files\BitTorrent\addrmap.dat
c:\windows\system32\_-rC-GC7kT-.dll
c:\windows\system32\Hq-MH_FJB.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-24 to 2010-01-24 )))))))))))))))))))))))))))))))
.

2010-01-22 00:02 . 2010-01-22 00:02 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-01-14 07:52 . 2010-01-14 07:52 -------- d-----w- c:\program files\Trend Micro
2010-01-14 07:46 . 2010-01-14 07:46 -------- d-----w- c:\program files\Fiesta Download Manager
2010-01-13 07:20 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-13 06:01 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-13 06:00 . 2010-01-13 06:00 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-13 06:00 . 2010-01-13 06:00 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-13 06:00 . 2010-01-13 06:00 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-13 06:00 . 2010-01-13 06:00 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-13 06:00 . 2010-01-22 00:02 372280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-01-13 06:00 . 2010-01-13 06:00 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-13 05:59 . 2010-01-13 05:59 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-13 05:58 . 2010-01-13 05:59 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-13 05:58 . 2010-01-13 05:58 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-13 05:58 . 2010-01-22 00:02 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-13 05:58 . 2010-01-13 05:58 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-13 05:58 . 2010-01-13 05:58 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-13 05:58 . 2010-01-13 05:58 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-13 05:57 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-13 04:38 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 03:09 . 2010-01-12 03:09 -------- d-----w- c:\documents and settings\gary\Application Data\Malwarebytes
2010-01-12 03:09 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 03:09 . 2010-01-12 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-12 03:09 . 2010-01-12 03:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 03:09 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-11 02:16 . 2010-01-12 03:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-11 01:36 . 2010-01-13 05:57 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-11 01:15 . 2009-12-01 18:52 621944 ----a-w- C:\pskill.exe
2010-01-11 01:15 . 2006-12-05 01:53 125744 ----a-w- C:\pslist.exe
2009-12-27 03:41 . 2010-01-14 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Fiesta Download Manager
2009-12-27 00:40 . 2009-12-27 00:40 -------- d-----w- c:\program files\iPod
2009-12-27 00:40 . 2009-12-27 02:07 -------- d-----w- c:\program files\iTunes
2009-12-27 00:40 . 2009-12-27 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-27 00:37 . 2009-12-27 00:38 -------- d-----w- c:\program files\QuickTime
2009-12-27 00:35 . 2009-08-29 03:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-12-27 00:35 . 2009-08-29 03:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-12-27 00:34 . 2009-12-27 00:34 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-27 00:33 . 2009-12-27 00:33 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 21:41 . 2008-11-15 21:32 -------- d-----w- c:\documents and settings\gary\Application Data\DNA
2010-01-23 05:08 . 2009-04-29 01:36 -------- d-----w- c:\documents and settings\gary\Application Data\Dropbox
2010-01-23 05:08 . 2008-11-15 21:32 -------- d-----w- c:\program files\DNA
2010-01-21 06:38 . 2009-06-03 06:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 03:40 . 2005-11-23 00:50 874240 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-01-14 02:51 . 2007-07-28 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-13 07:20 . 2007-04-15 08:34 -------- d-----w- c:\program files\WinAce
2010-01-13 05:56 . 2009-10-10 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-12 03:36 . 2009-03-10 03:53 -------- d-----w- c:\documents and settings\gary\Application Data\Save
2010-01-05 10:00 . 2004-08-04 20:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 20:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 20:00 17408 ------w- c:\windows\system32\corpol.dll
2010-01-02 00:33 . 2007-04-16 02:17 -------- d-----w- c:\documents and settings\gary\Application Data\Apple Computer
2009-12-27 02:02 . 2009-11-11 21:08 79488 ----a-w- c:\documents and settings\gary\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-27 01:55 . 2008-03-04 04:56 -------- d-----w- c:\program files\Apple Software Update
2009-12-27 00:40 . 2008-03-04 04:55 -------- d-----w- c:\program files\Common Files\Apple
2009-12-12 07:44 . 2009-12-12 07:44 79488 ----a-w- c:\documents and settings\Melanie\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-11 07:33 . 2009-12-11 07:33 -------- d-----w- c:\program files\Mixxx
2009-11-21 15:51 . 2004-08-04 20:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-10 04:48 . 2007-04-20 02:49 107640 -c--a-w- c:\documents and settings\Melanie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-02 23:02 . 2007-04-06 20:12 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-09-02 23:02 . 2007-04-06 20:12 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-09-02 23:02 . 2007-04-06 20:12 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-09-02 23:02 . 2007-04-06 20:12 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-09-02 23:02 . 2007-04-06 20:12 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-17 00:42 . 2008-08-17 00:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-17 00:42 . 2008-08-17 00:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-17 00:42 . 2008-08-17 00:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-17 00:42 . 2008-08-17 00:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-17 00:43 . 2008-08-17 00:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-17 00:42 . 2008-08-17 00:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-17 00:42 . 2008-08-17 00:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 15:41 . 2008-05-21 15:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 15:41 . 2008-05-21 15:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 15:41 . 2008-05-21 15:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 20:58 . 2008-06-05 20:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-17 00:42 . 2008-08-17 00:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2006-05-03 09:06 . 2007-09-24 05:26 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2007-09-24 05:26 31232 -csh--r- c:\windows\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\documents and settings\gary\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\documents and settings\gary\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\documents and settings\gary\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\gary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-11 761945]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-05-18 233534]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"DetectorApp"="c:\program files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe" [2005-10-20 102400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-29 144792]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-06-26 185896]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]

c:\documents and settings\gary\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\gary\Application Data\Dropbox\bin\Dropbox.exe [2009-8-30 26784939]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2005-12-07 17:56 409600 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-03-23 18:13 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 20:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LeechFTP\\Leechftp.exe"=
"c:\\Documents and Settings\\gary\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/12/2010 10:01 PM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 5:19 AM 1181328]
S3 TCNear;TC Near;c:\windows\system32\drivers\TCNear.sys [10/3/2009 10:17 PM 121216]
S3 TCNearAudio;TC Near Audio;c:\windows\system32\drivers\TCNearAudio.sys [10/3/2009 10:17 PM 21504]
S3 TCNearMidi;TC Near MIDI;c:\windows\system32\drivers\TCNearMidi.sys [10/3/2009 10:17 PM 24064]
.
Contents of the 'Scheduled Tasks' folder

2010-01-24 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:02]

2010-01-24 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:02]

2010-01-23 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:02]

2010-01-24 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:02]

2010-01-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 00:02]

2009-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:34]

2010-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1229272821-682003330-1004Core.job
- c:\documents and settings\gary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 02:01]

2010-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1229272821-682003330-1004UA.job
- c:\documents and settings\gary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 02:01]
.
.
------- Supplementary Scan -------
.
uStart Page = https://citrix.phsa.ca/Citrix/MetaFrame/auth/login.aspx
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\gary\Application Data\Mozilla\Firefox\Profiles\b7xlvhi2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Hq-MH_FJB - c:\windows\system32\Hq-MH_FJB.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-24 13:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?2?8?2??p???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-527237240-1229272821-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:5b,49,98,2b,0b,c0,d2,05,22,ee,95,77,c4,e4,c0,9e,9c,4e,f2,19,4a,
6f,b7,65,8c,f2,23,84,2e,67,09,e9,ad,40,84,b5,9e,f2,bc,a0,04,99,cf,40,66,6e,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(1044)
c:\windows\system32\WININET.dll
.
Completion time: 2010-01-24 13:46:48
ComboFix-quarantined-files.txt 2010-01-24 21:46
ComboFix2.txt 2010-01-23 05:21

Pre-Run: 7,691,640,832 bytes free
Post-Run: 7,655,161,856 bytes free

- - End Of File - - 5B0992629DD8F3578CE7C76EB001761A

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, January 24, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, January 24, 2010 22:44:27
Records in database: 3366805
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 92636
Threats found: 3
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 03:03:32


File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19473001.def Infected: not-a-virus:WebToolbar.Win32.Zango.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22010561.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Documents and Settings\gary\Local Settings\Application Data\Identities\{05C25C43-8F44-46B6-961B-BBE7F1ED2F0C}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Backdoor.Win32.Bredolab.sm 1

Selected area has been scanned.
djimmy
Active Member
 
Posts: 7
Joined: January 14th, 2010, 4:00 am

Re: Google search results getting redirected

Unread postby Carolyn » January 25th, 2010, 4:52 pm

Hello again,

The Kaspersky log indicates that there is an infected email in the Deleted Items folder in Outlook Express.

Please empty your "Deleted Items" folder. To do this right click on the Deleted Items folder and click "Empty 'Deleted Items' Folder".

Having removed all your unwanted Emails completely it is now wise to Compact all your remaining Emails. Compacting makes the size of the folders smaller by compacting the files contained within them. All the Emails are still readable and still intact just smaller.

To do this click from the top toolbar File / Folder / Compact All Folders

======================

Update Java Runtime and Run JavaRa

    Download Java Runtime
  • Go to HERE to download Java Runtime Environment Version 6 Update 17
  • Click on the link named Java Runtime Environment (JRE) 6 Update 17
  • Click on the radio button to Accept License Agreement
  • Click on Windows Offline Installation Multi-language and save the downloaded file to your desktop

    Run JavaRa
  • Please download JavaRa and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

    Install Java
  • Install the new version of Java by running the newly-downloaded file ( jre-6u13-windows-i586-p.exe) with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

======================

Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available.
  • Please go to this link Adobe Acrobat Reader Download Link
  • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

======================

This is my general post for when your logs show no more signs of malware ;)- Please let me know if you still are having problems with your computer and what these problems are

Your log now appears to be clean. Congratulations!

    Delete ComboFix and Clean Up

    The following will implement some cleanup procedures as well as reset System Restore points:

    Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

    ComboFix /Uninstall

    Please advise if this step is missed for any reason as it performs some important actions.


    OTC

    Download OTC by Old Timer and save it to your Desktop.

    • Double-click OTC.exe
    • Click the CleanUp! button
    • Select Yes when the Begin cleanup Process? Prompt appears
    • If you are prompted to Reboot during the cleanup, select Yes
    • The tool will delete itself once it finishes, if not delete it by yourself

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


    Protection Programs
    Don't forget to re-enable any protection programs we disabled during your fix.

    General Security and Computer Health
    Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

    • Set correct settings for files
      • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
      • Under Hidden files and folders if necessary select Do not show hidden files and folders.
      • If unchecked please check Hide protected operating system files (Recommended)
      • If necessary check Display content of system folders
      • If necessary Uncheck Hide file extensions for known file types.
      • Click OK


    • Make sure that you keep your antivirus updated
      New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
      Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

    • Security Updates for Windows, Internet Explorer & Microsoft Office
      Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
      Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.

    • Update Non-Microsoft Programs
      Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.

    • Make Internet Explorer More Secure
      You are using Internet Explorer v. 7. Therefore please read and follow the recommendations at this SITE


    Recommended Programs

    I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

    • WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.

    • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

    • Malwarebytes' Anti-Malware or SuperAntiSpyware
      These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built in protection monitor that blocks malicious processes before they even start.
      You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.
      You can download SuperAntiSpyware from HERE.

    • Hosts File
      For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.

      Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
      If this isn't done first, the next reboot may take a VERY LONG TIME.
      This is how to do it. First be sure you are signed in as a user with administrative privileges:
      Stop and Disable the DNS Client Service
      Go to Start, Run and type Services.msc and click OK.
      Under the Extended Tab, Scroll down and find this service.
      DNS Client
      Right-Click on the DNS Client Service. Choose Properties
      Select the General tab. Click on the Stop button.
      Click the Arrow-down tab on the right-hand side at the Start-up Type box.
      From the drop-down menu, click on Manual
      Click the Apply tab, then click OK


    • Use an alternative Internet Browser
      Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
      Firefox
      Opera


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Google search results getting redirected

Unread postby djimmy » January 28th, 2010, 2:20 am

Thanks Carolyn - all seems to be fine. Thanks very much for your help!
djimmy
Active Member
 
Posts: 7
Joined: January 14th, 2010, 4:00 am

Re: Google search results getting redirected

Unread postby Carolyn » January 28th, 2010, 8:46 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 333 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware