Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google Search Results not what they were

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Google Search Results not what they were

Unread postby problemchild » February 24th, 2009, 6:27 am

Hi,
I dont really know when this started exactly :oops: but it would seem that whenever I do a google search these days I get all of the results which look like they match my search criteria, but when you click on the link you're taken to seemingly unrelated websites.

Nothing offensive - just car yards and other odd websites.

Help?

I've downloaded Malwarebytes and I'm currently running a scan. Nothing found yet. I've also run HijackThis and here are my results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:08 PM, on 24/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\igfxtray.exe
H:\WINDOWS\system32\hkcmd.exe
H:\WINDOWS\system32\igfxpers.exe
H:\WINDOWS\system32\igfxsrvc.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
H:\Program Files\CyberLink\PCM4Everio\EverioService.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\Windows Live\Family Safety\fsui.exe
H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\Program Files\Windows Desktop Search\WindowsSearch.exe
H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
H:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
H:\Program Files\Windows Live\Family Safety\fsssvc.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
h:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
H:\WINDOWS\system32\SearchIndexer.exe
H:\Program Files\Windows Live\Contacts\wlcomm.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Windows Live\Toolbar\wltuser.exe
H:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
H:\Documents and Settings\Chelsea\Desktop\HiJackThis.exe
H:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=10.16.63.13:9877
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - H:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - H:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - H:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - H:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - H:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - H:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - H:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] H:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] H:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] H:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [AVP] "H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EverioService] "H:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [fssui] "H:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] H:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [LightScribe Control Panel] H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4399E96-14B6-4220-9C3D-FD3AC2BBE8D0}: NameServer = 61.88.88.88
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 8372 bytes

Please help? :?
problemchild
Active Member
 
Posts: 12
Joined: February 24th, 2009, 6:19 am
Advertisement
Register to Remove

Re: Google Search Results not what they were

Unread postby dan12 » February 24th, 2009, 6:03 pm

welcome to malwareremoval forums

My name is Dan, and I will be helping you to remove any infection(s) that you may have.

Please note! that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
If you can do these things, everything should go smoothly.
  • Please note you'll need to have Administrator priviledges to perform the fixes. (XP accounts are Administrator by default)
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.


It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Installed Programs

Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.

I'm presently looking over your log and hope not to be too long.
Will be back with you as soon as I can.
Thanks dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Google Search Results not what they were

Unread postby problemchild » February 25th, 2009, 3:27 am

Hi Dan,

Thanks heaps for looking at this. Unfortunately I work full time so I only get to reply to your posts when I'm home in front of the computer.

Here is the results of the HiJack This installed programs thing you asked me to do.

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Ask Toolbar
avast! Antivirus
Business Contact Manager for Outlook 2007 SP1
Business Contact Manager for Outlook 2007 SP1
Choice Guard
Digital Photo Navigator 1.5
Free YouTube to Mp3 Converter version 3.1
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)
GDR 3077 for SQL Server Tools and Workstation Components 2005 ENU (KB960089)
Google Updater
HijackThis 2.0.2
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 11
Junk Mail filter update
LightScribe System Software 1.10.16.1
LimeWire 5.0.11
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2008
Microsoft Office Accounting 2008
Microsoft Office Accounting 2008 Equifax Addin
Microsoft Office Accounting 2008 Fixed Asset Manager
Microsoft Office Accounting 2008 PayPal Addin
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Mozilla Firefox (3.0.6)
MP3 Converter Simple
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Nero 8 Essentials
neroxml
OGA Notifier 1.7.0105.35.0
PowerCinema NE for Everio
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Segoe UI
Uninstall 1.0.0.1
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959634)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VCRedistSetup
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format Runtime
Windows Search 4.0



Thanks again!
problemchild
Active Member
 
Posts: 12
Joined: February 24th, 2009, 6:19 am

Re: Google Search Results not what they were

Unread postby dan12 » February 25th, 2009, 5:15 am

Hi, is this your works domain?

O17 - HKLM\System\CCS\Services\Tcpip\..\{B4399E96-14B6-4220-9C3D-FD3AC2BBE8D0}: NameServer = 61.88.88.88

-----------------


IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

------------------------

Start > Run, type appwiz.cpl and click OK.

Uninstall the following:

Ask Toolbar

Now close Control Panel.

------------------------

Image
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

---------------------

Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.

Double click on gmer.exe to run it. It will start running a scan. If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes.

  • When done, you may receive another notice. Click OK.
  • Click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

If you receive no notice, click on the Scan button.

  • It will start scanning again.
  • When done, click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

Note: Do not run any programs while Gmer is running.

In your next reply, please post:

  • DDS.txt
  • Attach.txt
  • Gmer.txt
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Google Search Results not what they were

Unread postby problemchild » February 26th, 2009, 3:15 am

Hi Dan. This is my home computer (the one with the problem). My work computer (who's google works) was how I found you guys.

I have removed Limewire & the Ask Toolbar as requested.

Here is the DDS results:

DDS (Ver_09-02-01.01) - NTFSx86
Run by Chelsea at 17:59:06.90 on Thu 26/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1424 [GMT 11:00]

AV: avast! antivirus 4.8.1335 [VPS 090225-1] *On-access scanning disabled* (Updated)

============== Running Processes ===============

H:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
H:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\igfxtray.exe
H:\WINDOWS\system32\igfxsrvc.exe
H:\WINDOWS\system32\igfxpers.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\CyberLink\PCM4Everio\EverioService.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\Windows Live\Family Safety\fsui.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\Program Files\Windows Desktop Search\WindowsSearch.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
H:\Program Files\Windows Live\Family Safety\fsssvc.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
h:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
H:\WINDOWS\system32\SearchIndexer.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\Program Files\Windows Live\Contacts\wlcomm.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\notepad.exe
H:\WINDOWS\system32\SearchProtocolHost.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Documents and Settings\Chelsea\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyServer = http=10.16.63.13:9877
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - h:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - h:\program files\windows live\family safety\fssbho.dll
BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - h:\program files\windows live\messenger\wlchtc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - h:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - h:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - h:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - h:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - h:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - h:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - h:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - h:\program files\windows live\toolbar\wltcore.dll
uRun: [LightScribe Control Panel] h:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] h:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "h:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [IgfxTray] h:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] h:\windows\system32\hkcmd.exe
mRun: [Persistence] h:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [GEST] =
mRun: [NeroFilterCheck] h:\program files\common files\nero\lib\NeroCheck.exe
mRun: [EverioService] "h:\program files\cyberlink\pcm4everio\EverioService.exe"
mRun: [SunJavaUpdateSched] "h:\program files\java\jre6\bin\jusched.exe"
mRun: [fssui] "h:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [avast!] h:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Ad-Watch] h:\program files\lavasoft\ad-aware\AAWTray.exe
dRun: [CTFMON.EXE] h:\windows\system32\CTFMON.EXE
StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - h:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - h:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - h:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - h:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: ebay.com.au\signin
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: {B4399E96-14B6-4220-9C3D-FD3AC2BBE8D0} = 61.88.88.88
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - h:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - h:\docume~1\chelsea\applic~1\mozilla\firefox\profiles\ctu4c0p3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: network.proxy.http - 10.16.63.13
FF - prefs.js: network.proxy.http_port - 9877
FF - prefs.js: network.proxy.type - 1
FF - plugin: h:\program files\google\google updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: h:\program files\microsoft\office live\npOLW.dll
FF - plugin: h:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [2009-2-24 114768]
R2 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [2009-2-24 20560]
R2 avast! Antivirus;avast! Antivirus;h:\program files\alwil software\avast4\ashServ.exe [2009-2-24 138680]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;h:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 fssfltr;FssFltr;h:\windows\system32\drivers\fssfltr_tdi.sys [2008-12-21 55136]
R2 fsssvc;Windows Live Family Safety;h:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;h:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-19 921936]
R2 SeaPort;SeaPort;h:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 avast! Mail Scanner;avast! Mail Scanner;h:\program files\alwil software\avast4\ashMaiSv.exe [2009-2-24 254040]
R3 avast! Web Scanner;avast! Web Scanner;h:\program files\alwil software\avast4\ashWebSv.exe [2009-2-24 352920]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);h:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-12-18 29181272]

=============== Created Last 30 ================

2009-02-24 22:59 15,688 a------- h:\windows\system32\lsdelete.exe
2009-02-24 22:10 <DIR> -cd-h--- h:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-24 22:10 <DIR> --d----- h:\program files\Lavasoft
2009-02-24 20:54 <DIR> --d----- h:\docume~1\chelsea\applic~1\Malwarebytes
2009-02-24 20:54 15,504 a------- h:\windows\system32\drivers\mbam.sys
2009-02-24 20:54 38,496 a------- h:\windows\system32\drivers\mbamswissarmy.sys
2009-02-24 20:54 <DIR> --d----- h:\program files\Malwarebytes' Anti-Malware
2009-02-24 20:54 <DIR> --d----- h:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-22 19:07 <DIR> --d----- h:\program files\SmartDraw 2009
2009-02-18 18:09 0 a------- H:\p3.bat
2009-02-12 21:13 <DIR> --d----- h:\windows\SQLTools9_KB960089_ENU
2009-02-12 21:11 <DIR> --d----- h:\windows\SQL9_KB960089_ENU
2009-02-06 19:03 307,576 a------- h:\windows\WLXPGSS.SCR
2009-02-06 18:52 49,504 a------- h:\windows\system32\sirenacm.dll
2009-02-04 18:59 344,064 a------- h:\windows\system32\msvcr70.dll
2009-02-04 18:58 <DIR> --d----- h:\program files\DVDVideoSoft
2009-02-04 18:58 <DIR> --d----- h:\program files\common files\DVDVideoSoft
2009-02-03 22:29 24 a------- h:\windows\system32\sysogg.dll
2009-02-03 22:24 1,703,936 a------- h:\windows\system32\NCTAudioFile.dll
2009-02-03 22:24 233,472 a------- h:\windows\system32\lame_enc.dll
2009-02-03 22:24 140,288 a------- h:\windows\system32\Comdlg32.ocx
2009-02-03 22:24 <DIR> --d----- h:\program files\MP3 Converter Simple
2009-02-03 22:18 <DIR> --d----- h:\docume~1\chelsea\applic~1\LimeWire
2009-02-03 22:17 410,984 a------- h:\windows\system32\deploytk.dll
2009-02-03 22:17 73,728 a------- h:\windows\system32\javacpl.cpl

==================== Find3M ====================

2008-12-31 17:04 691,560 a------- h:\windows\system32\OGACheckControl.dll
2008-12-31 17:04 528,744 a------- h:\windows\system32\OGAVerify.exe
2008-12-31 17:04 502,120 a------- h:\windows\system32\OGAAddin.dll
2008-12-21 10:15 826,368 a------- h:\windows\system32\wininet.dll
2008-12-13 15:35 1,851,544 a------- H:\install_flash_player.exe

============= FINISH: 17:59:19.95 ===============

Here is the DDS Attach results:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 25/11/2008 6:50:21 PM
System Uptime: 26/02/2009 5:50:42 PM (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | G31M-S2L
Processor: Intel Pentium III Xeon processor | Socket 775 | 2666/266mhz

==== Disk Partitions =========================

D: is Removable
E: is Removable
F: is Removable
G: is CDROM ()
H: is FIXED (NTFS) - 233 GiB total, 216.909 GiB free.
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP13: 27/11/2008 9:12:39 PM - Installed Microsoft Office Outlook Connector
RP14: 27/11/2008 9:21:38 PM - Installed Windows XP KB915800-v4.
RP15: 27/11/2008 9:21:55 PM - Installed Windows XP Windows Search 4.0.
RP16: 27/11/2008 9:54:50 PM - Software Distribution Service 3.0
RP17: 27/11/2008 9:56:22 PM - Installed Windows NLSDownlevelMapping.
RP18: 27/11/2008 9:56:35 PM - Installed Windows IDNMitigationAPIs.
RP19: 27/11/2008 9:57:35 PM - Installed Windows Internet Explorer 7.
RP20: 27/11/2008 9:58:02 PM - Software Distribution Service 3.0
RP21: 27/11/2008 10:08:26 PM - Software Distribution Service 3.0
RP22: 27/11/2008 10:23:00 PM - Software Distribution Service 3.0
RP23: 29/11/2008 5:59:37 PM - Installed Windows Live installer
RP24: 29/11/2008 6:00:18 PM - Installed Windows Live
RP25: 29/11/2008 6:16:43 PM - Installed Windows Live Messenger
RP26: 29/11/2008 6:17:50 PM - Installed Windows Live Sign-in Assistant
RP27: 5/12/2008 7:35:36 AM - System Checkpoint
RP28: 6/12/2008 6:34:08 PM - System Checkpoint
RP29: 9/12/2008 8:03:13 PM - System Checkpoint
RP30: 13/12/2008 4:06:02 PM - Software Distribution Service 3.0
RP31: 18/12/2008 6:33:53 PM - Software Distribution Service 3.0
RP32: 20/12/2008 9:18:20 PM - Removed Microsoft Office Outlook Connector
RP33: 20/12/2008 9:18:39 PM - Installed Microsoft Office Outlook Connector
RP34: 21/12/2008 3:54:42 PM - Installed Windows XP KB954708.
RP35: 21/12/2008 3:54:57 PM - Installed DirectX
RP36: 24/12/2008 5:19:32 PM - System Checkpoint
RP37: 26/12/2008 11:16:31 AM - Installed Digital Photo Navigator 1.5
RP38: 29/12/2008 8:00:42 PM - System Checkpoint
RP39: 2/01/2009 10:20:07 AM - System Checkpoint
RP40: 3/01/2009 6:24:22 PM - System Checkpoint
RP41: 7/01/2009 1:08:41 PM - System Checkpoint
RP42: 14/01/2009 1:11:43 PM - Software Distribution Service 3.0
RP43: 15/01/2009 3:16:45 PM - Software Distribution Service 3.0
RP44: 17/01/2009 5:52:40 PM - System Checkpoint
RP45: 19/01/2009 8:00:54 PM - System Checkpoint
RP46: 21/01/2009 9:04:36 PM - System Checkpoint
RP47: 23/01/2009 2:34:44 PM - System Checkpoint
RP48: 25/01/2009 11:37:41 AM - System Checkpoint
RP49: 27/01/2009 8:01:10 PM - System Checkpoint
RP50: 3/02/2009 10:51:12 PM - System Checkpoint
RP51: 7/02/2009 5:00:36 PM - System Checkpoint
RP52: 8/02/2009 6:11:38 PM - System Checkpoint
RP53: 10/02/2009 10:23:07 AM - System Checkpoint
RP54: 11/02/2009 8:22:28 PM - Software Distribution Service 3.0
RP55: 12/02/2009 8:33:07 PM - System Checkpoint
RP56: 12/02/2009 9:11:00 PM - Software Distribution Service 3.0
RP57: 14/02/2009 5:25:17 PM - System Checkpoint
RP58: 15/02/2009 6:58:57 PM - System Checkpoint
RP59: 18/02/2009 6:35:01 PM - System Checkpoint
RP60: 21/02/2009 10:00:07 PM - System Checkpoint
RP61: 21/02/2009 10:03:46 PM - Installed DirectX
RP62: 23/02/2009 7:40:22 PM - System Checkpoint
RP63: 25/02/2009 6:15:41 PM - Removed Kaspersky Anti-Virus 6.0.
RP64: 25/02/2009 7:00:14 PM - Software Distribution Service 3.0

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
avast! Antivirus
Business Contact Manager for Outlook 2007 SP1
Choice Guard
Digital Photo Navigator 1.5
Free YouTube to Mp3 Converter version 3.1
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)
GDR 3077 for SQL Server Tools and Workstation Components 2005 ENU (KB960089)
Google Updater
HijackThis 2.0.2
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 11
Junk Mail filter update
LightScribe System Software 1.10.16.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2008
Microsoft Office Accounting 2008 Equifax Addin
Microsoft Office Accounting 2008 Fixed Asset Manager
Microsoft Office Accounting 2008 PayPal Addin
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Mozilla Firefox (3.0.6)
MP3 Converter Simple
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Nero 8 Essentials
neroxml
OGA Notifier 1.7.0105.35.0
PowerCinema NE for Everio
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Segoe UI
Uninstall 1.0.0.1
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959634)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VCRedistSetup
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format Runtime
Windows Search 4.0

==== Event Viewer Messages From Past Week ========

21/02/2009 10:03:27 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
21/02/2009 10:03:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
21/02/2009 10:03:27 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================

And finally here is the GMER ... I did this in two rounds because I wasnt sure if the first bit was enough so I did the full scan too.
1st results:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-26 18:03:58
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.14 ----

Full scan from Gmer
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-26 18:07:44
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA79D76B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA79D7574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA79D7A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA79D714C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA79D764E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA79D708C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA79D70F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA79D776E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA79D772E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA79D78AE]

---- User code sections - GMER 1.0.14 ----

.text H:\Program Files\Windows Live\Family Safety\fsssvc.exe[824] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0101F7BF H:\Program Files\Windows Live\Family Safety\fsssvc.exe (Family Safety Service/Microsoft Corporation)
.text H:\WINDOWS\system32\SearchIndexer.exe[2180] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C H:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.14 ----

IAT H:\WINDOWS\system32\services.exe[748] @ H:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003A0002
IAT H:\WINDOWS\system32\services.exe[748] @ H:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003A0000

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex 1

---- EOF - GMER 1.0.14 ----

Really hope you can help
problemchild
Active Member
 
Posts: 12
Joined: February 24th, 2009, 6:19 am

Re: Google Search Results not what they were

Unread postby dan12 » February 26th, 2009, 5:56 am

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.




Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image
Click on Yes, to continue scanning for malware.
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
----------------------------------------------
Post back:
Combofix report.
A new HijackThis log.
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Google Search Results not what they were

Unread postby problemchild » February 26th, 2009, 5:17 pm

Hi Dan,

GooredFix Log:


GooredFix v1.91 by jpshortstuff
Log created at 07:53 on 27/02/2009 running Option #1 (Chelsea)
Firefox version 3.0.6 (en-GB)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Plugins"="H:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Components"="H:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="H:\Program Files\Java\jre6\lib\deploy\jqs\ff"

ComboFix Log:

ComboFix 09-02-26.01 - Chelsea 2009-02-27 8:10:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1580 [GMT 11:00]
Running from: h:\documents and settings\Chelsea\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090226-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\windows\system32\sysogg.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-26 to 2009-02-26 )))))))))))))))))))))))))))))))
.

2009-02-26 18:02 . 2009-02-26 18:03 250 --a------ h:\windows\gmer.ini
2009-02-24 22:59 . 2009-01-19 08:35 15,688 --a------ h:\windows\system32\lsdelete.exe
2009-02-24 22:10 . 2009-02-24 22:10 <DIR> d-------- h:\program files\Lavasoft
2009-02-24 22:10 . 2009-02-24 22:51 <DIR> d-------- h:\documents and settings\All Users\Application Data\Lavasoft
2009-02-24 22:10 . 2009-02-24 22:10 <DIR> d--h-c--- h:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-24 21:52 . 2009-02-24 21:52 <DIR> d-------- h:\program files\Alwil Software
2009-02-24 20:54 . 2009-02-24 20:54 <DIR> d-------- h:\program files\Malwarebytes' Anti-Malware
2009-02-24 20:54 . 2009-02-24 20:54 <DIR> d-------- h:\documents and settings\Chelsea\Application Data\Malwarebytes
2009-02-24 20:54 . 2009-02-24 20:54 <DIR> d-------- h:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-24 20:54 . 2009-02-11 10:19 38,496 --a------ h:\windows\system32\drivers\mbamswissarmy.sys
2009-02-24 20:54 . 2009-02-11 10:19 15,504 --a------ h:\windows\system32\drivers\mbam.sys
2009-02-22 19:07 . 2009-02-22 19:28 <DIR> d-------- h:\program files\SmartDraw 2009
2009-02-18 18:09 . 2009-02-18 18:09 0 --a------ H:\p3.bat
2009-02-15 18:27 . 2009-02-15 18:27 <DIR> d-------- h:\windows\Sun
2009-02-14 18:56 . 2009-02-14 18:56 <DIR> d-------- h:\program files\Google
2009-02-14 18:56 . 2009-02-26 17:51 <DIR> d-------- h:\documents and settings\All Users\Application Data\Google Updater
2009-02-12 21:13 . 2009-02-12 21:13 <DIR> d-------- h:\windows\SQLTools9_KB960089_ENU
2009-02-12 21:11 . 2009-02-12 21:11 <DIR> d-------- h:\windows\SQL9_KB960089_ENU
2009-02-06 19:03 . 2009-02-06 19:03 307,576 --a------ h:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ h:\windows\system32\sirenacm.dll
2009-02-04 21:38 . 2009-02-04 21:38 <DIR> d-------- h:\documents and settings\Chelsea\Application Data\Nero
2009-02-04 18:59 . 2002-01-05 14:37 344,064 --a------ h:\windows\system32\msvcr70.dll
2009-02-04 18:58 . 2009-02-04 18:58 <DIR> d-------- h:\program files\DVDVideoSoft
2009-02-04 18:58 . 2009-02-04 18:59 <DIR> d-------- h:\program files\Common Files\DVDVideoSoft
2009-02-03 22:24 . 2009-02-03 22:29 <DIR> d-------- h:\program files\MP3 Converter Simple
2009-02-03 22:24 . 2002-11-13 11:14 1,703,936 --a------ h:\windows\system32\NCTAudioFile.dll
2009-02-03 22:24 . 2002-09-06 11:36 233,472 --a------ h:\windows\system32\lame_enc.dll
2009-02-03 22:24 . 2002-07-09 22:42 140,288 --a------ h:\windows\system32\Comdlg32.ocx
2009-02-03 22:18 . 2009-02-03 22:33 <DIR> d-------- h:\documents and settings\Chelsea\Application Data\LimeWire
2009-02-03 22:17 . 2009-02-03 22:17 <DIR> d-------- h:\program files\Java
2009-02-03 22:17 . 2009-02-03 22:17 410,984 --a------ h:\windows\system32\deploytk.dll
2009-02-03 22:17 . 2009-02-03 22:17 73,728 --a------ h:\windows\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-26 08:06 --------- d-----w h:\program files\Microsoft Silverlight
2009-02-25 07:16 --------- d-----w h:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-21 11:05 --------- d-----w h:\program files\Windows Live
2009-02-12 10:14 --------- d-----w h:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-12 10:13 --------- d-----w h:\program files\Microsoft SQL Server
2009-01-24 23:52 --------- d-----w h:\documents and settings\Chelsea\Application Data\CyberLink
2009-01-24 23:52 --------- d-----w h:\documents and settings\All Users\Application Data\Cyberlink
2009-01-23 02:21 --------- d-----w h:\documents and settings\Chelsea\Application Data\AdobeUM
2008-12-31 06:04 691,560 ----a-w h:\windows\system32\OGACheckControl.dll
2008-12-31 06:04 528,744 ----a-w h:\windows\system32\OGAVerify.exe
2008-12-31 06:04 502,120 ----a-w h:\windows\system32\OGAAddin.dll
2008-12-26 00:18 --------- d--h--w h:\program files\InstallShield Installation Information
2008-12-26 00:18 --------- d-----w h:\program files\CyberLink
2008-12-26 00:16 --------- d-----w h:\program files\Digital Photo Navigator 1.5
2008-12-26 00:16 --------- d-----w h:\program files\Common Files\InstallShield
2008-12-20 23:15 826,368 ----a-w h:\windows\system32\wininet.dll
2008-12-13 04:35 1,851,544 ----a-w H:\install_flash_player.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="h:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-19 455968]
"ctfmon.exe"="h:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="h:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"IgfxTray"="h:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="h:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="h:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"NeroFilterCheck"="h:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"EverioService"="h:\program files\CyberLink\PCM4Everio\EverioService.exe" [2008-04-03 151552]
"SunJavaUpdateSched"="h:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
"fssui"="h:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"avast!"="h:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-06 81000]
"Ad-Watch"="h:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-19 506712]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 h:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

h:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - h:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Windows Search.lnk - h:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "h:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"= wdmaud.sys

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"h:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"h:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [2009-02-24 114768]
R2 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [2009-02-24 20560]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;h:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 fssfltr;FssFltr;h:\windows\system32\drivers\fssfltr_tdi.sys [2008-12-21 55136]
R2 fsssvc;Windows Live Family Safety;h:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;h:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-19 921936]
R2 SeaPort;SeaPort;h:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);h:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"h:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-02-24 h:\windows\Tasks\Ad-Aware Update (Weekly).job
- h:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-19 08:34]

2009-02-26 h:\windows\Tasks\Google Software Updater.job
- h:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-14 18:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyServer = http=10.16.63.13:9877
IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: ebay.com.au\signin
TCP: {B4399E96-14B6-4220-9C3D-FD3AC2BBE8D0} = 61.88.88.88
FF - ProfilePath - h:\documents and settings\Chelsea\Application Data\Mozilla\Firefox\Profiles\ctu4c0p3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: network.proxy.http - 10.16.63.13
FF - prefs.js: network.proxy.http_port - 9877
FF - prefs.js: network.proxy.type - 1
FF - plugin: h:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: h:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: h:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 08:11:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-27 8:12:04
ComboFix-quarantined-files.txt 2009-02-26 21:12:02

Pre-Run: 232,825,634,816 bytes free
Post-Run: 233,017,208,832 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
h:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

162 --- E O F --- 2009-02-26 07:25:43

HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:27 AM, on 27/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\igfxtray.exe
H:\WINDOWS\system32\hkcmd.exe
H:\WINDOWS\system32\igfxpers.exe
H:\WINDOWS\system32\igfxsrvc.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\CyberLink\PCM4Everio\EverioService.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\Windows Live\Family Safety\fsui.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Windows Desktop Search\WindowsSearch.exe
H:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
H:\Program Files\Windows Live\Family Safety\fsssvc.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
h:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
H:\WINDOWS\system32\SearchIndexer.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\system32\notepad.exe
H:\WINDOWS\system32\imapi.exe
H:\WINDOWS\explorer.exe
H:\Documents and Settings\Chelsea\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=10.16.63.13:9877
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - H:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - H:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - H:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - H:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - H:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] H:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] H:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] H:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EverioService] "H:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [fssui] "H:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4399E96-14B6-4220-9C3D-FD3AC2BBE8D0}: NameServer = 61.88.88.88
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 8012 bytes

Thanks!
problemchild
Active Member
 
Posts: 12
Joined: February 24th, 2009, 6:19 am

Re: Google Search Results not what they were

Unread postby dan12 » February 26th, 2009, 6:31 pm

You use this pc through a proxy server?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=10.16.63.13:9877
Also have you set this domain, is it a work domain?
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4399E96-14B6-4220-9C3D-FD3AC2BBE8D0}: NameServer = 61.88.88.88

let me know!
---------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Code: Select all
File::
h:\documents and settings\Chelsea\Application Data\LimeWire
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"=-


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Jotti

Please visit Jotti
Copy/paste the the following file path into the window
H:\p3.bat
Click Submit/Send File
Please post back, to let me know the results.



If Jotti is too busy please try Virustotal

---------------------


Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.


Update malwarebytes and do a full scan for me and post results

Post:
jotti's results
combo report
malwarebytes report
Let me know how things are,are you still getting problems?
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Google Search Results not what they were

Unread postby problemchild » February 26th, 2009, 7:00 pm

Hi Dan,

I'm at work now. I have no idea what my server is ... here or at home. All other posts have been from my home PC.
I cant run any of the stuff you've asked because I'm at work... but I will run then when I get home.

My home PC runs through satellite and I think it does use a proxy. Sorry - but I really am a computer nuff nuff.
If there's something I can do to get you the information you need let me know. I'm good at following instructions.

Chelsea
problemchild
Active Member
 
Posts: 12
Joined: February 24th, 2009, 6:19 am

Re: Google Search Results not what they were

Unread postby dan12 » February 26th, 2009, 7:54 pm

No problem, talk to you soon.
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Google Search Results not what they were

Unread postby problemchild » February 27th, 2009, 6:35 am

Hi Dan.
Back home in front of the computer.

First: ComboFix Log results:


ComboFix 09-02-26.01 - Chelsea 2009-02-27 19:27:34.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1517 [GMT 11:00]
Running from: h:\documents and settings\Chelsea\Desktop\ComboFix.exe
Command switches used :: h:\documents and settings\Chelsea\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090226-0] *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
h:\documents and settings\Chelsea\Application Data\LimeWire
.

((((((((((((((((((((((((( Files Created from 2009-01-27 to 2009-02-27 )))))))))))))))))))))))))))))))
.

2009-02-26 18:02 . 2009-02-26 18:03 250 --a------ h:\windows\gmer.ini
2009-02-24 22:59 . 2009-01-19 08:35 15,688 --a------ h:\windows\system32\lsdelete.exe
2009-02-24 22:10 . 2009-02-24 22:10 <DIR> d-------- h:\program files\Lavasoft
2009-02-24 22:10 . 2009-02-24 22:51 <DIR> d-------- h:\documents and settings\All Users\Application Data\Lavasoft
2009-02-24 22:10 . 2009-02-24 22:10 <DIR> d--h-c--- h:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-24 21:52 . 2009-02-24 21:52 <DIR> d-------- h:\program files\Alwil Software
2009-02-24 20:54 . 2009-02-24 20:54 <DIR> d-------- h:\program files\Malwarebytes' Anti-Malware
2009-02-24 20:54 . 2009-02-24 20:54 <DIR> d-------- h:\documents and settings\Chelsea\Application Data\Malwarebytes
2009-02-24 20:54 . 2009-02-24 20:54 <DIR> d-------- h:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-24 20:54 . 2009-02-11 10:19 38,496 --a------ h:\windows\system32\drivers\mbamswissarmy.sys
2009-02-24 20:54 . 2009-02-11 10:19 15,504 --a------ h:\windows\system32\drivers\mbam.sys
2009-02-22 19:07 . 2009-02-22 19:28 <DIR> d-------- h:\program files\SmartDraw 2009
2009-02-18 18:09 . 2009-02-18 18:09 0 --a------ H:\p3.bat
2009-02-15 18:27 . 2009-02-15 18:27 <DIR> d-------- h:\windows\Sun
2009-02-14 18:56 . 2009-02-14 18:56 <DIR> d-------- h:\program files\Google
2009-02-14 18:56 . 2009-02-27 19:21 <DIR> d-------- h:\documents and settings\All Users\Application Data\Google Updater
2009-02-12 21:13 . 2009-02-12 21:13 <DIR> d-------- h:\windows\SQLTools9_KB960089_ENU
2009-02-12 21:11 . 2009-02-12 21:11 <DIR> d-------- h:\windows\SQL9_KB960089_ENU
2009-02-06 19:03 . 2009-02-06 19:03 307,576 --a------ h:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ h:\windows\system32\sirenacm.dll
2009-02-04 21:38 . 2009-02-04 21:38 <DIR> d-------- h:\documents and settings\Chelsea\Application Data\Nero
2009-02-04 18:59 . 2002-01-05 14:37 344,064 --a------ h:\windows\system32\msvcr70.dll
2009-02-04 18:58 . 2009-02-04 18:58 <DIR> d-------- h:\program files\DVDVideoSoft
2009-02-04 18:58 . 2009-02-04 18:59 <DIR> d-------- h:\program files\Common Files\DVDVideoSoft
2009-02-03 22:24 . 2009-02-03 22:29 <DIR> d-------- h:\program files\MP3 Converter Simple
2009-02-03 22:24 . 2002-11-13 11:14 1,703,936 --a------ h:\windows\system32\NCTAudioFile.dll
2009-02-03 22:24 . 2002-09-06 11:36 233,472 --a------ h:\windows\system32\lame_enc.dll
2009-02-03 22:24 . 2002-07-09 22:42 140,288 --a------ h:\windows\system32\Comdlg32.ocx
2009-02-03 22:18 . 2009-02-03 22:33 <DIR> d-------- h:\documents and settings\Chelsea\Application Data\LimeWire
2009-02-03 22:17 . 2009-02-03 22:17 <DIR> d-------- h:\program files\Java
2009-02-03 22:17 . 2009-02-03 22:17 410,984 --a------ h:\windows\system32\deploytk.dll
2009-02-03 22:17 . 2009-02-03 22:17 73,728 --a------ h:\windows\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-26 08:06 --------- d-----w h:\program files\Microsoft Silverlight
2009-02-25 07:16 --------- d-----w h:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-21 11:05 --------- d-----w h:\program files\Windows Live
2009-02-12 10:14 --------- d-----w h:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-12 10:13 --------- d-----w h:\program files\Microsoft SQL Server
2009-01-24 23:52 --------- d-----w h:\documents and settings\Chelsea\Application Data\CyberLink
2009-01-24 23:52 --------- d-----w h:\documents and settings\All Users\Application Data\Cyberlink
2009-01-23 02:21 --------- d-----w h:\documents and settings\Chelsea\Application Data\AdobeUM
2008-12-31 06:04 691,560 ----a-w h:\windows\system32\OGACheckControl.dll
2008-12-31 06:04 528,744 ----a-w h:\windows\system32\OGAVerify.exe
2008-12-31 06:04 502,120 ----a-w h:\windows\system32\OGAAddin.dll
2008-12-20 23:15 826,368 ----a-w h:\windows\system32\wininet.dll
2008-12-13 04:35 1,851,544 ----a-w H:\install_flash_player.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-02-27_ 8.11.35.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-27 08:20:47 16,384 ----atw h:\windows\Temp\Perflib_Perfdata_474.dat
+ 2009-02-27 08:20:38 16,384 ----atw h:\windows\Temp\Perflib_Perfdata_55c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="h:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-19 455968]
"ctfmon.exe"="h:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="h:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="h:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="h:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="h:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"NeroFilterCheck"="h:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"EverioService"="h:\program files\CyberLink\PCM4Everio\EverioService.exe" [2008-04-03 151552]
"SunJavaUpdateSched"="h:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
"fssui"="h:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"avast!"="h:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-06 81000]
"Ad-Watch"="h:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-19 506712]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 h:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

h:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - h:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Windows Search.lnk - h:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "h:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"= wdmaud.sys

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"h:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"h:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [2009-02-24 114768]
R2 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [2009-02-24 20560]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;h:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 fssfltr;FssFltr;h:\windows\system32\drivers\fssfltr_tdi.sys [2008-12-21 55136]
R2 fsssvc;Windows Live Family Safety;h:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;h:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-19 921936]
R2 SeaPort;SeaPort;h:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);h:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"h:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-02-24 h:\windows\Tasks\Ad-Aware Update (Weekly).job
- h:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-19 08:34]

2009-02-27 h:\windows\Tasks\Google Software Updater.job
- h:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-14 18:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyServer = http=10.16.63.13:9877
IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: ebay.com.au\signin
TCP: {B4399E96-14B6-4220-9C3D-FD3AC2BBE8D0} = 61.88.88.88
FF - ProfilePath - h:\documents and settings\Chelsea\Application Data\Mozilla\Firefox\Profiles\ctu4c0p3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: network.proxy.http - 10.16.63.13
FF - prefs.js: network.proxy.http_port - 9877
FF - prefs.js: network.proxy.type - 1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 19:29:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-27 19:29:50
ComboFix-quarantined-files.txt 2009-02-27 08:29:48
ComboFix2.txt 2009-02-26 21:12:05

Pre-Run: 233,015,967,744 bytes free
Post-Run: 233,004,871,680 bytes free

152 --- E O F --- 2009-02-26 07:25:43

[color=#FF0000]Second - I tried to check the file H:/p3.bat using Jotti and they said "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file" [/color]
(I had disabled all firewalls & Anti virus stuff)

Thirdly - I will go to the Kaspersky website and complete the online scan as you instructed, but at the moment my Satellite service has been shaped to 64K :x ... and downloading the database is taking forever!!! Below are the results from my AVAST! 4.8 anti virus program (which may be rubbish but I attach it anyway)
*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Friday, 27 February 2009 8:29:10 PM
* VPS: 090226-0, 26/02/2009
*

H:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\MiniMessage\2 [E] The process cannot access the file because it is being used by another process (32)
H:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log [E] The process cannot access the file because it is being used by another process (32)
H:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb [E] The process cannot access the file because it is being used by another process (32)
H:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb [E] The process cannot access the file because it is being used by another process (32)
H:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_85c.dat [E] The process cannot access the file because it is being used by another process (32)
H:\Documents and Settings\Chelsea\Local Settings\Application Data\Microsoft\Search Enhancement Pack\Search Box Extension\history.dat [E] The process cannot access the file because it is being used by another process (32)
H:\Documents and Settings\Chelsea\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [E] The process cannot access the file because it is being used by another process (32)
H:\Documents and Settings\Chelsea\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [E] The process cannot access the file because it is being used by another process (32)
H:\Documents and Settings\Chelsea\Local Settings\temp\hsperfdata_Chelsea\1732 [E] The process cannot access the file because it is being used by another process (32)
H:\Documents and Settings\Chelsea\Local Settings\temp\hsperfdata_Chelsea\2752 [E] The process cannot access the file because it is being used by another process (32)
H:\Documents and Settings\Chelsea\NTUSER.DAT [E] The process cannot access the file because it is being used by another process (32)
H:\Documents and Settings\Chelsea\ntuser.dat.LOG [E] The process cannot access the file because it is being used by another process (32)
H:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [E] The process cannot access the file because it is being used by another process (32)
H:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [E] The process cannot access the file because it is being used by another process (32)
H:\Documents and Settings\LocalService\NTUSER.DAT [E] The process cannot access the file because it is being used by another process (32)
H:\Documents and Settings\LocalService\ntuser.dat.LOG [E] The process cannot access the file because it is being used by another process (32)
H:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [E] The process cannot access the file because it is being used by another process (32)
H:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [E] The process cannot access the file because it is being used by another process (32)
H:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_b08.dat [E] The process cannot access the file because it is being used by another process (32)
H:\Documents and Settings\NetworkService\NTUSER.DAT [E] The process cannot access the file because it is being used by another process (32)
H:\Documents and Settings\NetworkService\ntuser.dat.LOG [E] The process cannot access the file because it is being used by another process (32)
H:\pagefile.sys [E] The process cannot access the file because it is being used by another process (32)
H:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf [E] The process cannot access the file because it is being used by another process (32)
H:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf [E] The process cannot access the file because it is being used by another process (32)
H:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf [E] The process cannot access the file because it is being used by another process (32)
H:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf [E] The process cannot access the file because it is being used by another process (32)
H:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf [E] The process cannot access the file because it is being used by another process (32)
H:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf [E] The process cannot access the file because it is being used by another process (32)
H:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf [E] The process cannot access the file because it is being used by another process (32)
H:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf [E] The process cannot access the file because it is being used by another process (32)
H:\System Volume Information\_restore{97E6B42B-0381-4A8C-AE6C-DF7A6DEB7DBB}\RP62\A0022064.sys [L] Win32:Daonol-K [Trj] (0)
File was successfully moved to chest...
H:\WINDOWS\system32\CatRoot2\edb.log [E] The process cannot access the file because it is being used by another process (32)
H:\WINDOWS\system32\CatRoot2\tmp.edb [E] The process cannot access the file because it is being used by another process (32)
H:\WINDOWS\system32\config\default [E] The process cannot access the file because it is being used by another process (32)
H:\WINDOWS\system32\config\default.LOG [E] The process cannot access the file because it is being used by another process (32)
H:\WINDOWS\system32\config\SAM [E] The process cannot access the file because it is being used by another process (32)
H:\WINDOWS\system32\config\SAM.LOG [E] The process cannot access the file because it is being used by another process (32)
H:\WINDOWS\system32\config\SECURITY [E] The process cannot access the file because it is being used by another process (32)
H:\WINDOWS\system32\config\SECURITY.LOG [E] The process cannot access the file because it is being used by another process (32)
H:\WINDOWS\system32\config\software [E] The process cannot access the file because it is being used by another process (32)
H:\WINDOWS\system32\config\software.LOG [E] The process cannot access the file because it is being used by another process (32)
H:\WINDOWS\system32\config\system [E] The process cannot access the file because it is being used by another process (32)
H:\WINDOWS\system32\config\system.LOG [E] The process cannot access the file because it is being used by another process (32)
H:\WINDOWS\Temp\Perflib_Perfdata_474.dat [E] The process cannot access the file because it is being used by another process (32)
H:\WINDOWS\Temp\Perflib_Perfdata_55c.dat [E] The process cannot access the file because it is being used by another process (32)
H:\WINDOWS\Temp\_avast4_\Webshlock.txt [E] The process cannot access the file because it is being used by another process (32)
Infected files: 1
Total files: 62902
Total folders: 5332
Total size: 15.3 GB

*
* Task stopped: Friday, 27 February 2009 9:16:41 PM
* Run-time was 47 minute(s), 31 second(s)
*


Fourthly I've rerun Malwarebytes. Results below
Malwarebytes' Anti-Malware 1.34
Database version: 1798
Windows 5.1.2600 Service Pack 3

27/02/2009 9:31:11 PM
mbam-log-2009-02-27 (21-31-11).txt

Scan type: Full Scan (H:\|)
Objects scanned: 125598
Time elapsed: 25 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Finally, I've run some searches using Google and they look pretty good to me. :D


Thanks so much for your help and your patience!!!!
problemchild
Active Member
 
Posts: 12
Joined: February 24th, 2009, 6:19 am

Re: Google Search Results not what they were

Unread postby dan12 » February 27th, 2009, 6:45 am

No problem,if your service gets better and able to run the kaspersky scan let me have it.
I will look over your returned logs later as I have to go out.
will post back later.
dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Google Search Results not what they were

Unread postby dan12 » February 27th, 2009, 7:37 pm

Any luck with the kaspersky scan yet? :)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Google Search Results not what they were

Unread postby problemchild » March 1st, 2009, 7:00 pm

Not as yet. I was away for the weekend. Will attempt to run it again tonight.
At 64K it will probably take all night to run
problemchild
Active Member
 
Posts: 12
Joined: February 24th, 2009, 6:19 am

Re: Google Search Results not what they were

Unread postby dan12 » March 1st, 2009, 7:03 pm

Thanks for letting me know as logs get closed after 5days without a response.
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 51 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware