I have something wrong DNS Advantage -search

Re: I have something wrong DNS Advantage -search

by jeffs55 » March 25th, 2009, 8:26 pm

Malwarebytes log

Malwarebytes' Anti-Malware 1.34
Database version: 1894
Windows 6.0.6001 Service Pack 1

3/25/2009 8:23:10 PM
mbam-log-2009-03-25 (20-23-10).txt

Scan type: Full Scan (C:\|D:\|P:\|)
Objects scanned: 323729
Time elapsed: 2 hour(s), 38 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Jotti's log
Scan taken on 25 Mar 2009 11:57:35 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
jeffs55
Regular Member
 
Posts: 38
Joined: March 16th, 2009, 3:08 pm

Re: I have something wrong DNS Advantage -search

by Odd dude » March 26th, 2009, 7:52 am

That all looks fine.

Do you still have your Windows disc?

How's the PC running? Everything looks OK.

If it's still not fixed I'll have a chat with the other experts to see if they have any suggestions.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: I have something wrong DNS Advantage -search

by jeffs55 » March 26th, 2009, 8:26 am

My PC runs just fine, I have the factory reinstallation DVD. I do not want to wipe out my computer and start over if that is where you are heading. I asked if you thought it could be in the registry as perhaps a search command has been overwritten. Have you ruled that out? thanx

Re: I have something wrong DNS Advantage -search

by Odd dude » March 26th, 2009, 8:36 am

"I do not want to wipe out my computer and start over if that is where you are heading."
Don't worry - I was absolutely not heading there ;)

"Have you ruled that out?"
Not yet entirely. Are you still getting redirects? If so, could you please post the full URL to which you are being redirected?

Also re-run RSIT and post the log. You won't get info.txt this time.

Re: I have something wrong DNS Advantage -search

by jeffs55 » March 26th, 2009, 8:44 am

I am still being redirected, the search term was "cat". Here is the site/result.
tp://search.dnsadvantage.com/main?AddIn ... archQuery=
RSIT below
Logfile of random's system information tool 1.06 (written by random/random)
Run by Jeff at 2009-03-26 08:42:33
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 208 GB (72%) free of 290 GB
Total RAM: 3325 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:42:40 AM, on 3/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQ6BUFL\RSIT[1].exe
C:\Program Files\trend micro\Jeff.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

--
End of file - 9449 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-03-17 5911368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-17 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-17 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-25 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-03-17 5911368]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-17 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"MSConfig"=C:\Windows\system32\msconfig.exe [2008-01-18 227840]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-09 1601304]
"Bluetooth HCI Monitor"=RunDll32 HCIMNTR.DLL,RunCheckHCIMode []
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"NapsterShell"=C:\Program Files\Napster\napster.exe /systray []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SNM"=C:\Program Files\SpyNoMore\SNM.exe /startup []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-25 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-03-16 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2006-03-21 1191936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2007-10-30 16200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDUiP6700DMon]
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe [2006-03-16 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-14 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [2006-09-20 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2007-02-13 715568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [2009-03-24 161776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jeff^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jeff^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE []

C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-03-25 20:30:53 ----D---- C:\Users\Jeff\AppData\Roaming\OpenOffice.org
2009-03-25 08:18:31 ----A---- C:\Windows\system32\javaws.exe
2009-03-25 08:18:31 ----A---- C:\Windows\system32\javaw.exe
2009-03-25 08:18:31 ----A---- C:\Windows\system32\java.exe
2009-03-24 20:04:31 ----D---- C:\rsit
2009-03-22 09:18:15 ----D---- C:\Users\Jeff\AppData\Roaming\Malwarebytes
2009-03-22 09:18:11 ----D---- C:\ProgramData\Malwarebytes
2009-03-22 09:18:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-22 08:09:57 ----D---- C:\Program Files\JRE
2009-03-22 08:09:56 ----D---- C:\Program Files\OpenOffice.org 3
2009-03-16 15:03:31 ----D---- C:\Program Files\Trend Micro
2009-03-16 14:48:34 ----D---- C:\Avenger
2009-03-16 14:48:34 ----A---- C:\avenger.txt
2009-03-10 15:02:20 ----A---- C:\Windows\system32\wmp.dll
2009-03-10 15:02:19 ----A---- C:\Windows\system32\spwmp.dll
2009-03-10 15:02:18 ----A---- C:\Windows\system32\wmploc.DLL
2009-03-10 15:02:18 ----A---- C:\Windows\system32\dxmasf.dll
2009-03-10 15:02:16 ----A---- C:\Windows\system32\schannel.dll
2009-03-09 16:04:02 ----D---- C:\Users\Jeff\AppData\Roaming\Lavasoft
2009-03-09 16:03:51 ----D---- C:\Program Files\Lavasoft

======List of files/folders modified in the last 1 months======

2009-03-26 08:42:37 ----D---- C:\Windows\Temp
2009-03-26 08:42:31 ----D---- C:\Windows\Prefetch
2009-03-26 08:21:46 ----D---- C:\Users\Jeff\AppData\Roaming\MailWasherPro
2009-03-26 08:21:10 ----SHD---- C:\System Volume Information
2009-03-26 08:21:01 ----D---- C:\Windows\system32\drivers
2009-03-26 08:21:00 ----D---- C:\Windows\System32
2009-03-26 08:19:11 ----D---- C:\Windows\inf
2009-03-26 08:19:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-03-26 08:16:50 ----D---- C:\Windows\Tasks
2009-03-26 08:16:17 ----A---- C:\Windows\system32\avgrsstx.dll
2009-03-25 09:18:12 ----D---- C:\ProgramData\Google Updater
2009-03-25 08:18:39 ----SHD---- C:\Windows\Installer
2009-03-25 08:18:14 ----A---- C:\Windows\system32\deploytk.dll
2009-03-25 08:07:21 ----D---- C:\Program Files\Java
2009-03-25 08:07:19 ----D---- C:\Program Files\Common Files
2009-03-25 08:04:27 ----D---- C:\Program Files\Coupons
2009-03-24 07:16:11 ----D---- C:\Windows\system32\Tasks
2009-03-24 04:34:52 ----RD---- C:\Program Files
2009-03-22 12:12:29 ----D---- C:\Windows
2009-03-22 09:18:11 ----HD---- C:\ProgramData
2009-03-22 08:10:52 ----RSD---- C:\Windows\assembly
2009-03-22 08:10:08 ----RSD---- C:\Windows\Fonts
2009-03-22 08:09:43 ----D---- C:\Program Files\OpenOffice.org 2.4
2009-03-22 08:00:41 ----D---- C:\Users\Jeff\AppData\Roaming\OpenOffice.org2
2009-03-20 07:57:14 ----D---- C:\Program Files\PhotoELF
2009-03-17 20:23:46 ----D---- C:\ProgramData\Adobe
2009-03-17 20:23:44 ----D---- C:\Program Files\Common Files\Adobe
2009-03-17 03:01:23 ----D---- C:\Windows\system32\catroot2
2009-03-13 21:13:18 ----D---- C:\Windows\winsxs
2009-03-13 21:13:18 ----D---- C:\Program Files\Windows Mail
2009-03-13 21:05:36 ----D---- C:\Windows\system32\Msdtc
2009-03-13 21:05:36 ----D---- C:\Windows\servicing
2009-03-13 21:05:30 ----D---- C:\Windows\system32\wbem
2009-03-13 21:03:55 ----D---- C:\Windows\system32\config
2009-03-13 21:03:38 ----D---- C:\Program Files\Windows Defender
2009-03-13 21:03:37 ----D---- C:\Windows\system32\spool
2009-03-13 21:03:36 ----D---- C:\Windows\system32\CodeIntegrity
2009-03-13 21:03:31 ----SD---- C:\ProgramData\Microsoft
2009-03-13 21:03:31 ----D---- C:\ProgramData\FLEXnet
2009-03-13 21:03:31 ----D---- C:\Program Files\Common Files\microsoft shared
2009-03-13 21:03:29 ----D---- C:\Windows\registration
2009-03-11 22:16:56 ----D---- C:\Windows\system32\catroot
2009-03-11 12:40:43 ----HD---- C:\$AVG8.VAULT$
2009-03-11 03:06:50 ----D---- C:\Program Files\Windows Media Player

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-03-26 325640]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-01-09 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-03-26 108552]
R2 Machnm32;Machnm32 Driver; \??\C:\Windows\system32\Machnm32.sys [2003-08-13 2304]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-14 3151872]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-18 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-28 29184]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-02-04 79664]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-02-04 80688]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-04 16432]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2007-04-13 228224]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-18 49664]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
R3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
R3 WinUsb;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUSB.SYS [2008-01-18 31616]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys []
S1 OMCI;OMCI; \??\C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-28 220160]
S3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys []
S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State; C:\Windows\System32\Drivers\frmupgr.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 yeddef;YEDDEF driver; C:\Windows\System32\Drivers\yeddef.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-01-09 903960]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-09 298264]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-03-16 654848]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-08-11 16680]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-09-14 610304]

-----------------EOF-----------------

Re: I have something wrong DNS Advantage -search

by jeffs55 » March 26th, 2009, 8:56 am

I received this link from the DNS site that my searches end up at. It is allegedly instructions on how to opt out of this problem. Obviously they are aware of it, probably because they created it! I tried following the instructions and ended up with no search at all! My computer would not open any page. IE would not open.
http://www.advantageoptout.com/

Re: I have something wrong DNS Advantage -search

by Odd dude » March 26th, 2009, 9:01 am

I had just prepared a fix for you and now you say IE won't open.... :(

Let's try things the easy way first.
You have Windows Defender running
This is good as Windows Defender protects you from many malicious changes to your registry. However, Windows Defender is a computer program, which has no way of distinguishing between good or malicious intentions; this means it might hinder the modifications I need to make to your system.

This means that Windows Defender will need to be disabled until you have been cleaned of malware.

  1. Double-click on the Windows Defender icon in your system tray.
  2. Click Tools at the top of the window.
  3. Click Options (under the heading Settings)
  4. Uncheck Automatically scan my computer (recommended) under Automatic scanning
  5. Uncheck Use real-time protection (recommended) under Real-time protection options
  6. Click Save to save your settings.

When I give you the all-clear post, remember to reenable it!

Now uninstall Internet Explorer through Add/Remove programs.

Download and install Internet Explorer again:
Version 7: http://www.microsoft.com/windows/produc ... fault.mspx
Brand new Version 8: http://www.microsoft.com/windows/intern ... fault.aspx

Re: I have something wrong DNS Advantage -search

Unread postby jeffs55 » March 26th, 2009, 3:04 pm

I was not clear in what I said. IE will work now. It didn't work after I tried their fix. I did a system restore to make it work again. Internet Explorer IS working.
jeffs55
Regular Member
 
Posts: 38
Joined: March 16th, 2009, 3:08 pm

Re: I have something wrong DNS Advantage -search

Unread postby Odd dude » March 26th, 2009, 3:13 pm

So you did a system restore and IE is working now?
I presume the redirects are back?
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: I have something wrong DNS Advantage -search

Unread postby jeffs55 » March 26th, 2009, 7:59 pm

I did the system restore before I ever posted on this site. I had the redirects before and after the system restore. I also chose a restore point well before the redirects occurred. Yes, I still have the redirects. Did you examine the instructions from DNS? Either I did them wrong or they do not work.
jeffs55
Regular Member
 
Posts: 38
Joined: March 16th, 2009, 3:08 pm

Re: I have something wrong DNS Advantage -search

Unread postby Odd dude » March 28th, 2009, 5:26 am

I've conferred with some fellow malware experts, and we have concluded that the following seem the best things we can try:

1. Delete this folder: C:\Program Files\Coupons

2. Click Start>Run and copy and paste this:
notepad \windows\system32\drivers\etc\hosts

A file will open, copy and paste the contents into your next post.
If the file's contents are overly large, please only copy and paste the first 20 or so lines after '127.0.0.1 localhost'.

3. I would like you to try to reset your router or modem (whichever is applicable). Please consult the manual which came with the product for information on how to do so.
Reboot your computer after performing this step.

4. Disable Windows Defender as per the instructions I gave you a few posts ago if you haven't disabled it already.

5. Now please opt-out of DNSadvantage as you did before. If something does not look right, please write down the actions you're taking.

6. If Internet Explorer is not working after having completed the opt-out-process, please reinstall it as per the instructions I gave you a few posts ago.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)
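
An added example, not part of the thread or any poster's code: one way to review a hosts file like the one requested in step 2 above, listing every entry that points a name at something other than the local machine. The sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample, not taken from the thread: default loopback entries,
# one blocklist-style sinkhole, one redirect-style entry, one broken line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net        # sinkhole entry
203.0.113.10    www.example.com search.example.com
not-an-ip       broken.example.org
"""

def parse_hosts(text):
    """Yield (line_no, address, names) per entry; address is None if unparsable."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        yield line_no, addr, fields[1:]

def review_hosts(text):
    """Return entries that send names to a non-local address, or are malformed."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        if addr is None:
            findings.append((line_no, "malformed", names))
        elif addr.is_loopback or addr.is_unspecified:
            continue  # localhost and 127.0.0.1 / 0.0.0.0 sinkholes redirect nowhere
        else:
            findings.append((line_no, str(addr), names))
    return findings

if __name__ == "__main__":
    # To review a real file, read C:\Windows\System32\drivers\etc\hosts
    # into a string and pass it in place of SAMPLE_HOSTS.
    for line_no, target, names in review_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {', '.join(names)} -> {target}")
```

A clean result here only rules out the hosts file; redirects caused by the DNS server addresses configured on the network adapter or router will not show up in it.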

Re: I have something wrong DNS Advantage -search

Unread postby jeffs55 » March 28th, 2009, 6:52 am

I am a little confused. In the above post you are telling me to first UNinstall IE through add remove programs then you say download IE 7 or IE 8. I cannot download anything if I cannot get on the internet due to deletion of my currently running IE 7, can I? Further, I went to the link for IE7 and there is not a download link there as the site says that IE 7 is already on my computer. I did download and save IE 8 to my desktop. I might not want to upgrade to IE 8 so I want to have IE 7 standing by. Another thing, there is not a Windows Defender icon in my system tray. I am able to go to
programs
Windows Defender
tools
and see the option there to uncheck the items you mentioned
I have deleted the coupons file and know how to reboot my modem.
The opt out process supplied by DNS was a multi step procedure which resulted in my being unable to access the internet. The reason was that the IP addresses were changed to something that was not a ping to a search server? I do not know enough computer language to use the correct words. I have an IP and so do all God's children. There was a setting for an IP for my computer to go to which I was told to change. Upon performing that change the new IP was a dead end. There was nothing there so IE would not open. If you would go to this link and follow the steps you will see what I mean.
http://www.advantageoptout.com
I await further instructions. Thanks.
jeffs55
Regular Member
 
Posts: 38
Joined: March 16th, 2009, 3:08 pm

Re: I have something wrong DNS Advantage -search

Unread postby Odd dude » March 28th, 2009, 7:15 am

When you uninstalled IE it should have reverted to the super-old IE version 6 which came with your Windows installation. It's impossible to truly uninstall IE, it's too deeply integrated into Windows.

Click Start>Run and enter iexplore
click OK and tell me what happens.

I did review the steps and the only thing I see is that they change your DNS servers to use something different from DNSadvantage. I don't see instructions for changing your IP address.

Could you please perform step #1 and post the contents of the c:\windows\system32\drivers\etc\hosts file?

Post:
- what happened when you clicked start>run and entered iexplore
- contents of the hosts file
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: I have something wrong DNS Advantage -search

Unread postby jeffs55 » March 28th, 2009, 8:10 am

It might be a couple of days before I can get to this. I am sure you will understand that I need to have uninterrupted time available. So, you have no doubt that I will still be able to go online even after I UNinstall IE? This sure scares me. I am going to create a restore point before I do any of this. :?
jeffs55
Regular Member
 
Posts: 38
Joined: March 16th, 2009, 3:08 pm

Re: I have something wrong DNS Advantage -search

Unread postby Odd dude » March 28th, 2009, 8:32 am

That is good practice and okay to do.

I understand your situation, take as much time as you need.

The only thing I am sure of regarding IE is that it is impossible to remove. I cannot ensure that removing IE will get you back online, because, as you're already aware, something is awry with your DNS settings.

If you have a CD burner in your computer and a fast internet connection you may want to download Ubuntu: http://www.ubuntu.com
Ubuntu is a Linux distribution, which is an operating system which can run right off the CD. I understand your Windows is now not exactly usable, so if you need the internet but can't use Windows all you'd need to do is put the Ubuntu CD in the tray, reboot, and then you can use the internet from within Linux.
One warning: not for novice users, as you'll have to set up the internet connection yourself.

That was the positive thing of Ubuntu. The negative thing is that it's a 700MB download.

Just let me know when you're ready to continue. I'll be waiting for you.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)