

Redirected by Google


Re: Redirected by Google

Post by twinkel_toez » July 23rd, 2010, 3:39 pm

ComboFix 10-07-22.06 - User 23/07/2010 19:49:20.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.893.305 [GMT 1:00]
Running from: c:\users\User\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 )))))))))))))))))))))))))))))))
.

2010-07-23 19:27 . 2010-07-23 19:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-23 19:27 . 2010-07-23 19:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-20 21:43 . 2010-07-20 21:47 -------- d-----w- C:\MGADiagToolOutput
2010-07-20 21:42 . 2010-07-20 21:42 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-07-16 15:56 . 2010-07-16 15:56 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-15 15:26 . 2010-07-15 15:26 -------- d-----w- c:\program files\Trend Micro
2010-07-14 20:42 . 2010-07-23 19:27 -------- d-----w- c:\users\User\AppData\Local\temp
2010-07-14 18:09 . 2010-07-14 18:09 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2010-07-14 18:07 . 2010-07-14 18:07 -------- d-----w- c:\programdata\Malwarebytes
2010-07-13 13:25 . 2010-07-14 19:39 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-13 13:25 . 2010-07-13 13:25 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-13 13:09 . 2010-07-13 13:09 -------- d-----w- c:\users\User\AppData\Local\Sunbelt Software
2010-07-13 08:22 . 2010-07-14 19:41 -------- dc-h--w- c:\programdata\~0
2010-07-13 08:21 . 2010-07-14 19:39 -------- d-----w- c:\programdata\Lavasoft
2010-07-12 17:02 . 2010-07-14 20:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-12 17:02 . 2010-07-14 19:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-12 16:47 . 2010-07-12 16:47 -------- d-----w- c:\users\User\AppData\Roaming\widestream
2010-07-12 16:47 . 2010-07-12 21:42 -------- d-----w- c:\users\User\AppData\Local\widestream6 Air
2010-07-12 16:46 . 2010-07-12 21:45 -------- d-----w- c:\program files\Widestream6
2010-07-12 16:45 . 2010-07-14 18:04 -------- d-----w- c:\users\User\AppData\Roaming\OfferBox
2010-07-12 14:00 . 2010-07-12 14:00 -------- d-----w- c:\users\Default\AppData\Roaming\Trusteer
2010-07-11 21:53 . 2010-07-11 21:53 -------- d-----w- c:\users\User\AppData\Roaming\Yahoo!
2010-07-11 21:53 . 2010-07-12 11:17 -------- d-----w- c:\program files\Yahoo!
2010-07-11 21:51 . 2010-07-11 21:51 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb43D3.tmp.exe
2010-07-03 07:03 . 2010-07-03 07:03 -------- d-----w- c:\users\User\AppData\Roaming\Trusteer
2010-07-03 07:02 . 2010-07-03 07:02 -------- d-----w- c:\program files\Trusteer
2010-07-03 06:30 . 2010-07-03 06:30 -------- d-----w- c:\programdata\Trusteer
2010-07-01 11:07 . 2010-07-01 11:07 434176 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll
2010-06-24 02:01 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 02:01 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 02:01 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 02:01 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 02:01 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 18:22 . 2010-04-13 21:12 -------- d-----w- c:\programdata\Lx_cats
2010-07-20 21:20 . 2009-04-26 11:35 -------- d-----w- c:\program files\Vuze
2010-07-20 13:36 . 2010-03-14 17:21 -------- d-----w- c:\programdata\WinZip
2010-07-15 06:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-13 08:33 . 2009-10-25 08:06 -------- d-----w- c:\program files\Google
2010-07-11 21:57 . 2009-04-26 11:35 -------- d-----w- c:\users\User\AppData\Roaming\Azureus
2010-06-27 02:04 . 2009-04-22 14:34 -------- d-----w- c:\program files\Microsoft.NET
2010-06-13 13:47 . 2010-06-13 13:47 -------- d-----w- c:\programdata\Lexmark S300-S400 Series
2010-06-13 13:33 . 2009-04-26 08:36 -------- d-----w- c:\users\User\AppData\Roaming\FUJIFILM
2010-06-08 19:50 . 2009-12-30 12:46 174 ----a-w- c:\users\User\AppData\Roaming\Azureus\restart.bat
2010-05-26 16:16 . 2010-06-11 16:55 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-11 16:55 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-04 05:59 . 2010-06-11 16:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 16:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-11 16:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-11 16:53 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 13:53 . 2010-06-11 16:52 2036224 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2010-01-18 770728]
"EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2010-01-18 139944]
"Lexmark S300-S400 Series Fax Server"="c:\program files\Lexmark S300-S400 Series\fm3032.exe" [2009-04-29 316072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2009-4-26 303104]
VideoCam Suite 2.0.lnk - c:\program files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe [2009-10-13 185688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD LT Startup Accelerator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD LT Startup Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 15:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 01:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2005-03-16 18:16 970752 ----a-w- c:\program files\Common Files\Adobe\Updater\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 16:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-02-26 13:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxczbmgr.exe]
2007-04-19 14:44 74672 ----a-w- c:\program files\Lexmark 1200 Series\LXCZbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 15:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 04:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 135664]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe [2010-01-07 98984]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-02-04 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100721.003\IDSvix86.sys [2010-05-28 344112]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-07-01 59240]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-07-01 166632]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-01-07 598696]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-07-01 840936]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2009-08-22 48688]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 08:23]

2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 08:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-23 20:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-07-23 20:35:05
ComboFix-quarantined-files.txt 2010-07-23 19:35
ComboFix2.txt 2010-07-14 20:42

Pre-Run: 38,010,003,456 bytes free
Post-Run: 37,342,674,944 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 91CB4D659FD828567194BFB175B05DE3
twinkel_toez
Regular Member
Posts: 23
Joined: July 14th, 2010, 5:04 pm

Re: Redirected by Google

Post by km2357 » July 23rd, 2010, 7:39 pm

Step # 1: Run CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    KILLALL::
    
    Folder::
    
    c:\program files\Vuze
    c:\users\User\AppData\Roaming\Azureus
    
    DDS::
    
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image

    Note: This CFScript is for use on twinkel_toez's computer only! Do not use it on your computer.

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 1 has been completed.
2. A fresh DDS Log taken after Step 1 has been completed.
km2357
MRU Master
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California
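The step above ends with "copy and paste the contents of the log"; what the helper then does by eye is confirm that every path named under Folder:: in the CFScript shows up in the new log's "Other Deletions" section and no longer appears in the "Files Created" or "Find3M" listings. The script below is an added example of that check (it is not ComboFix's own code nor km2357's tooling): it parses the CFScript directive format (a line ending in `::` opens a section) and the ComboFix log's `(((( Title ))))` banners. The log excerpt is constructed from a few lines of the second log in this thread; the function names `parse_cfscript`, `parse_combofix_sections` and `verify_folder_targets` are this example's own.

```python
"""Check a ComboFix log against the CFScript that drove it (added example)."""
import re
from typing import Dict, List, Optional

# The CFScript exactly as posted in the thread.
CFSCRIPT = """KILLALL::

Folder::

c:\\program files\\Vuze
c:\\users\\User\\AppData\\Roaming\\Azureus

DDS::

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
"""

# Constructed excerpt: banners plus a handful of lines from the thread's
# second (post-script) ComboFix log, trimmed for the example.
COMBOFIX_LOG = """ComboFix 10-07-23.04 - User 24/07/2010 14:39:51.3.1 - x86
Command switches used :: c:\\users\\User\\Desktop\\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\\program files\\Vuze
c:\\program files\\Vuze\\plugins\\azemp\\vuzeplayer.exe
c:\\users\\User\\AppData\\Roaming\\Azureus
c:\\users\\User\\AppData\\Roaming\\Azureus\\restart.bat

.
((((((((((((((((((((((((( Files Created from 2010-06-24 to 2010-07-24 )))))))))))))))))))))))))))))))
.

2010-07-20 21:43 . 2010-07-20 21:47 -------- d-----w- C:\\MGADiagToolOutput
2010-07-13 13:25 . 2010-07-13 13:25 95024 ----a-w- c:\\windows\\system32\\drivers\\SBREDrv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 18:22 . 2010-04-13 21:12 -------- d-----w- c:\\programdata\\Lx_cats
2010-07-20 13:36 . 2010-03-14 17:21 -------- d-----w- c:\\programdata\\WinZip
.
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::\s*$")          # e.g. "Folder::"
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")          # "(((( Title ))))"
# "created . modified size attrs path" listing line; group 1 is the path.
LISTING = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} \S+ \S+ (.+)$"
)


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Map each CFScript directive (KILLALL, Folder, DDS, ...) to its lines."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_sections(text: str) -> Dict[str, List[str]]:
    """Split a ComboFix log on its banners; drop the '.' spacer lines."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            current = m.group(1).split(" from ")[0]   # "Files Created from A to B"
            sections[current] = []
        elif line not in ("", ".") and current is not None:
            sections[current].append(line)
    return sections


def listed_paths(lines: List[str]) -> List[str]:
    """Extract the path column from listing lines (lower-cased for matching)."""
    return [(LISTING.match(l).group(1) if LISTING.match(l) else l).lower() for l in lines]


def verify_folder_targets(cfscript: str, log: str) -> Dict[str, Dict[str, bool]]:
    """For each Folder:: target: was it deleted, and is it still listed anywhere?"""
    script = parse_cfscript(cfscript)
    sections = parse_combofix_sections(log)
    deleted = {p.lower() for p in sections.get("Other Deletions", [])}
    listed = listed_paths(sections.get("Files Created", []) + sections.get("Find3M Report", []))
    report: Dict[str, Dict[str, bool]] = {}
    for target in script.get("Folder", []):
        t = target.lower()
        report[target] = {
            "deleted": t in deleted,
            "still_present": any(p == t or p.startswith(t + "\\") for p in listed),
        }
    return report


if __name__ == "__main__":
    for path, status in verify_folder_targets(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{path}: deleted={status['deleted']} still_present={status['still_present']}")
```

The check is deliberately case-insensitive and prefix-based, because ComboFix prints paths with mixed casing and lists child files under a deleted folder on their own lines; a target whose report shows `deleted=False` or `still_present=True` is the line to ask the poster about before moving to the fresh DDS log.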

Re: Redirected by Google

Post by twinkel_toez » July 24th, 2010, 1:19 pm

ComboFix log

ComboFix 10-07-23.04 - User 24/07/2010 14:39:51.3.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.893.266 [GMT 1:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Vuze
c:\program files\Vuze\plugins\azemp\azemp_3.1.6.jar
c:\program files\Vuze\plugins\azemp\azemp_3.1.6.zip
c:\program files\Vuze\plugins\azemp\libmprCanvas_1.2.jar
c:\program files\Vuze\plugins\azemp\plugin.properties.bak
c:\program files\Vuze\plugins\azemp\plugin.properties_3.1.6
c:\program files\Vuze\plugins\azemp\vuzeplayer.exe
c:\program files\Vuze\plugins\azupdater\azupdater_1.8.10.zip
c:\program files\Vuze\plugins\azupdater\azupdaterpatcher_1.8.10.jar
c:\program files\Vuze\plugins\azupdater\Azureus2_4.2.0.8_P4.pat
c:\program files\Vuze\plugins\azupdater\plugin.properties.bak
c:\program files\Vuze\plugins\azupdater\plugin.properties_1.8.10
c:\program files\Vuze\plugins\azupdater\Updater.jar.bak
c:\users\User\AppData\Roaming\Azureus
c:\users\User\AppData\Roaming\Azureus\.certs
c:\users\User\AppData\Roaming\Azureus\.keystore
c:\users\User\AppData\Roaming\Azureus\.lock
c:\users\User\AppData\Roaming\Azureus\active\39CCB7654D665877344BAA00727FBA31E62273E5.dat
c:\users\User\AppData\Roaming\Azureus\active\5A60BF4E7D2608BDD76B453E38DEF63ED1192427.dat
c:\users\User\AppData\Roaming\Azureus\active\B30EAEF8FEFAB6C22CD877CE1820759D9679B665.dat
c:\users\User\AppData\Roaming\Azureus\active\BE939B2A91D9765107452687AC840BD6E4496FD6.dat
c:\users\User\AppData\Roaming\Azureus\active\E19E4C43778EF6BF3EBA221A663BD619D0916672.dat
c:\users\User\AppData\Roaming\Azureus\azureus.config
c:\users\User\AppData\Roaming\Azureus\azureus.statistics
c:\users\User\AppData\Roaming\Azureus\banips.config
c:\users\User\AppData\Roaming\Azureus\cache\1191085919.ico
c:\users\User\AppData\Roaming\Azureus\cnetworks.config
c:\users\User\AppData\Roaming\Azureus\devices.config
c:\users\User\AppData\Roaming\Azureus\dht\addresses.dat
c:\users\User\AppData\Roaming\Azureus\dht\contacts.dat
c:\users\User\AppData\Roaming\Azureus\dht\diverse.dat
c:\users\User\AppData\Roaming\Azureus\dht\general.dat
c:\users\User\AppData\Roaming\Azureus\dht\version.dat
c:\users\User\AppData\Roaming\Azureus\downloads.config
c:\users\User\AppData\Roaming\Azureus\ipfilter.cache
c:\users\User\AppData\Roaming\Azureus\metasearch.config
c:\users\User\AppData\Roaming\Azureus\net\pm_4589.dat
c:\users\User\AppData\Roaming\Azureus\net\pm_5607.dat
c:\users\User\AppData\Roaming\Azureus\net\pm_default.dat
c:\users\User\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.0.2.jar
c:\users\User\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.0.2.zip
c:\users\User\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties
c:\users\User\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties_1.0.2
c:\users\User\AppData\Roaming\Azureus\plugins\azupnpav\cd.dat
c:\users\User\AppData\Roaming\Azureus\rcm.config
c:\users\User\AppData\Roaming\Azureus\restart.bat
c:\users\User\AppData\Roaming\Azureus\sidebarauto.config
c:\users\User\AppData\Roaming\Azureus\subs\2DF43E7396E6157D8CE5.vuze
c:\users\User\AppData\Roaming\Azureus\subs\447229A3A371779E8871.vuze
c:\users\User\AppData\Roaming\Azureus\subs\9167E16C9B7944056AC7.vuze
c:\users\User\AppData\Roaming\Azureus\subs\AD8051E73A76B5270EC8.vuze
c:\users\User\AppData\Roaming\Azureus\subs\E67D8443DF3B6D5C02B4.vuze
c:\users\User\AppData\Roaming\Azureus\subs\ED7A4A68D27A7C72BABE.vuze
c:\users\User\AppData\Roaming\Azureus\subs\F14DB936646DBBA8A53E.vuze
c:\users\User\AppData\Roaming\Azureus\subscriptions.config
c:\users\User\AppData\Roaming\Azureus\tables.config
c:\users\User\AppData\Roaming\Azureus\torrents\Alexandra_Burke_-_Bad_Boys_(Feat._Flo_Rida)_[CDQ]-TNas11.5070136.TPB[1].torrent
c:\users\User\AppData\Roaming\Azureus\torrents\AZU2053049898956482614.tmp
c:\users\User\AppData\Roaming\Azureus\torrents\AZU2253526444076906552.tmp
c:\users\User\AppData\Roaming\Azureus\torrents\AZU3202941109865755485.tmp
c:\users\User\AppData\Roaming\Azureus\torrents\AZU4201269490205810498.tmp
c:\users\User\AppData\Roaming\Azureus\torrents\AZU5076894873355767491.tmp
c:\users\User\AppData\Roaming\Azureus\torrents\AZU5443881397863975297.tmp
c:\users\User\AppData\Roaming\Azureus\torrents\AZU5446792128699167658.tmp
c:\users\User\AppData\Roaming\Azureus\torrents\AZU5782899679219733785.tmp
c:\users\User\AppData\Roaming\Azureus\torrents\AZU6248771593299757404.tmp
c:\users\User\AppData\Roaming\Azureus\torrents\AZU6754552735642625296.tmp
c:\users\User\AppData\Roaming\Azureus\torrents\AZU7203920514158220090.tmp
c:\users\User\AppData\Roaming\Azureus\torrents\AZU7435262704937414297.tmp
c:\users\User\AppData\Roaming\Azureus\torrents\AZU7569217135114073202.tmp
c:\users\User\AppData\Roaming\Azureus\torrents\AZU7789703446376998422.tmp
c:\users\User\AppData\Roaming\Azureus\torrents\AZU939965718990597342.tmp
c:\users\User\AppData\Roaming\Azureus\torrents\Black_Eyed_Peas_-_E.N.D._Deluxe_Edition_CDRip_-_SuperChasin.5472797.TPB.torrent
c:\users\User\AppData\Roaming\Azureus\torrents\Black_Eyed_Peas_-_Meet_Me_Halfway.5147683.TPB.torrent
c:\users\User\AppData\Roaming\Azureus\torrents\James_Morrison_-Songs_For_You..[2008][CD_2_SkidVid_XviD_Cov]320K.4636310.TPB[1].torrent
c:\users\User\AppData\Roaming\Azureus\torrents\VA.-.Floorfillers.2010.The.Biggest.Dance.Hits.Of.The.Year.2CDs.(.5186650.TPB[1].torrent
c:\users\User\AppData\Roaming\Azureus\update.properties
c:\users\User\AppData\Roaming\Azureus\VuzeActivities.config

.
((((((((((((((((((((((((( Files Created from 2010-06-24 to 2010-07-24 )))))))))))))))))))))))))))))))
.

2010-07-24 14:36 . 2010-07-24 14:43 -------- d-----w- c:\users\User\AppData\Local\temp
2010-07-24 14:36 . 2010-07-24 14:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-24 14:36 . 2010-07-24 14:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-20 21:43 . 2010-07-20 21:47 -------- d-----w- C:\MGADiagToolOutput
2010-07-20 21:42 . 2010-07-20 21:42 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-07-15 15:26 . 2010-07-15 15:26 -------- d-----w- c:\program files\Trend Micro
2010-07-14 18:09 . 2010-07-14 18:09 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2010-07-14 18:07 . 2010-07-14 18:07 -------- d-----w- c:\programdata\Malwarebytes
2010-07-13 13:25 . 2010-07-14 19:39 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-13 13:25 . 2010-07-13 13:25 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-13 13:09 . 2010-07-13 13:09 -------- d-----w- c:\users\User\AppData\Local\Sunbelt Software
2010-07-13 08:22 . 2010-07-14 19:41 -------- dc-h--w- c:\programdata\~0
2010-07-13 08:21 . 2010-07-14 19:39 -------- d-----w- c:\programdata\Lavasoft
2010-07-12 17:02 . 2010-07-14 20:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-12 17:02 . 2010-07-14 19:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-12 16:47 . 2010-07-12 16:47 -------- d-----w- c:\users\User\AppData\Roaming\widestream
2010-07-12 16:47 . 2010-07-12 21:42 -------- d-----w- c:\users\User\AppData\Local\widestream6 Air
2010-07-12 16:46 . 2010-07-12 21:45 -------- d-----w- c:\program files\Widestream6
2010-07-12 16:45 . 2010-07-14 18:04 -------- d-----w- c:\users\User\AppData\Roaming\OfferBox
2010-07-12 14:00 . 2010-07-12 14:00 -------- d-----w- c:\users\Default\AppData\Roaming\Trusteer
2010-07-11 21:53 . 2010-07-11 21:53 -------- d-----w- c:\users\User\AppData\Roaming\Yahoo!
2010-07-11 21:53 . 2010-07-12 11:17 -------- d-----w- c:\program files\Yahoo!
2010-07-03 07:03 . 2010-07-03 07:03 -------- d-----w- c:\users\User\AppData\Roaming\Trusteer
2010-07-03 07:02 . 2010-07-03 07:02 -------- d-----w- c:\program files\Trusteer
2010-07-03 06:30 . 2010-07-03 06:30 -------- d-----w- c:\programdata\Trusteer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 18:22 . 2010-04-13 21:12 -------- d-----w- c:\programdata\Lx_cats
2010-07-20 13:36 . 2010-03-14 17:21 -------- d-----w- c:\programdata\WinZip
2010-07-16 15:56 . 2010-07-16 15:56 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-15 06:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-13 08:33 . 2009-10-25 08:06 -------- d-----w- c:\program files\Google
2010-07-11 21:51 . 2010-07-11 21:51 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb43D3.tmp.exe
2010-07-01 11:07 . 2010-07-01 11:07 434176 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll
2010-06-27 02:04 . 2009-04-22 14:34 -------- d-----w- c:\program files\Microsoft.NET
2010-06-13 13:47 . 2010-06-13 13:47 -------- d-----w- c:\programdata\Lexmark S300-S400 Series
2010-06-13 13:33 . 2009-04-26 08:36 -------- d-----w- c:\users\User\AppData\Roaming\FUJIFILM
2010-05-26 16:16 . 2010-06-11 16:55 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-11 16:55 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-04 05:59 . 2010-06-11 16:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 16:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-11 16:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-11 16:53 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 13:53 . 2010-06-11 16:52 2036224 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2010-01-18 770728]
"EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2010-01-18 139944]
"Lexmark S300-S400 Series Fax Server"="c:\program files\Lexmark S300-S400 Series\fm3032.exe" [2009-04-29 316072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2009-4-26 303104]
VideoCam Suite 2.0.lnk - c:\program files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe [2009-10-13 185688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD LT Startup Accelerator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD LT Startup Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 15:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 01:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2005-03-16 18:16 970752 ----a-w- c:\program files\Common Files\Adobe\Updater\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 16:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-02-26 13:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxczbmgr.exe]
2007-04-19 14:44 74672 ----a-w- c:\program files\Lexmark 1200 Series\LXCZbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 15:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 04:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 135664]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe [2010-01-07 98984]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-02-04 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100723.001\IDSvix86.sys [2010-05-28 344112]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-07-01 59240]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-07-01 166632]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-01-07 598696]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-07-01 840936]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2009-08-22 48688]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 08:23]

2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 08:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-24 15:43
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6292)
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\bgsvcgen.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DllHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Completion time: 2010-07-24 15:52:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-24 14:52
ComboFix2.txt 2010-07-23 19:35
ComboFix3.txt 2010-07-14 20:42

Pre-Run: 37,225,078,784 bytes free
Post-Run: 37,293,608,960 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - F585F9A9A5B438E7F23770CE6F7CE011
twinkel_toez
Regular Member
 
Posts: 23
Joined: July 14th, 2010, 5:04 pm

Re: Redirected by Google

Unread postby twinkel_toez » July 24th, 2010, 1:37 pm

DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 18:26:06.89 on 24/07/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.893.310 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\System32\bgsvcgen.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxczcoms.exe
C:\Windows\system32\lxeacoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\User\Desktop\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [lxeamon.exe] "c:\program files\lexmark s300-s400 series\lxeamon.exe"
mRun: [EzPrint] "c:\program files\lexmark s300-s400 series\ezprint.exe"
mRun: [Lexmark S300-S400 Series Fax Server] "c:\program files\lexmark s300-s400 series\fm3032.exe" /s
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\videoc~1.lnk - c:\program files\panasonic\videocam suite 2\VideoCamSuiteAutoStart.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-2-4 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-2-4 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-2-4 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100723.001\IDSvix86.sys [2010-7-24 344112]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-7-1 59240]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-7-1 166632]
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-2-4 117640]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-7-1 840936]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-6 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008000.029\symndisv.sys [2010-2-4 48688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-13 135664]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2010-4-13 98984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

============== File Associations ===============

.scr=AutoCADLTScriptFile

=============== Created Last 30 ================

2010-07-24 14:41:27 0 d-----w- C:\$RECYCLE.BIN
2010-07-23 18:45:07 98816 ----a-w- c:\windows\sed.exe
2010-07-23 18:45:07 77312 ----a-w- c:\windows\MBR.exe
2010-07-23 18:45:07 256512 ----a-w- c:\windows\PEV.exe
2010-07-23 18:45:07 161792 ----a-w- c:\windows\SWREG.exe
2010-07-20 21:43:25 0 d-----w- C:\MGADiagToolOutput
2010-07-20 21:42:03 0 d-----w- c:\programdata\Office Genuine Advantage
2010-07-20 14:20:21 204020035 ----a-w- c:\windows\MEMORY.DMP
2010-07-15 15:26:56 0 d-----w- c:\program files\Trend Micro
2010-07-14 18:09:27 0 d-----w- c:\users\user\appdata\roaming\Malwarebytes
2010-07-14 18:07:48 0 d-----w- c:\programdata\Malwarebytes
2010-07-13 13:25:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-13 08:22:55 0 dc-h--w- c:\programdata\~0
2010-07-13 08:21:50 0 d-----w- c:\programdata\Lavasoft
2010-07-12 17:02:09 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-12 17:02:09 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-12 16:47:43 0 d-----w- c:\users\user\appdata\roaming\widestream
2010-07-12 16:46:21 0 d-----w- c:\program files\Widestream6
2010-07-12 16:45:18 0 d-----w- c:\users\user\appdata\roaming\OfferBox
2010-07-11 21:53:33 0 d-----w- c:\program files\Yahoo!
2010-07-03 07:03:22 0 d-----w- c:\users\user\appdata\roaming\Trusteer
2010-07-03 07:02:53 0 d-----w- c:\program files\Trusteer
2010-07-03 06:30:21 0 d-----w- c:\programdata\Trusteer

==================== Find3M ====================

2010-05-26 16:16:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25:15 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 13:53:49 2036224 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 18:28:49 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-04-30 18:28:49 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-30 18:28:00 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-29 02:03:00 98504 ----a-w- c:\windows\fonts\consola.ttf
2010-04-29 02:03:00 97752 ----a-w- c:\windows\fonts\leelawad.ttf
2010-04-29 02:03:00 89656 ----a-w- c:\windows\fonts\browa.ttf
2010-04-29 02:03:00 64648 ----a-w- c:\windows\fonts\upckb.ttf
2010-04-29 02:03:00 57100 ----a-w- c:\windows\fonts\upclbi.ttf
2010-04-29 02:03:00 56752 ----a-w- c:\windows\fonts\upcli.ttf
2010-04-29 02:03:00 5178844 ----a-w- c:\windows\fonts\kaiu.ttf
2009-02-21 17:27:55 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-12 21:09:14 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-03-12 21:09:14 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-03-12 21:09:14 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2010-02-16 08:37:23 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-04-13 21:28:30 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041320100414\index.dat

============= FINISH: 18:27:35.35 ===============

Re: Redirected by Google

Unread postby km2357 » July 24th, 2010, 11:23 pm

Step # 1 Update Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u21.
  • Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Remove the following old versions of Java:
      • Java(TM) 6 Update 7
      • Java(TM) 6 Update 15
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • From your desktop double-click on the download to install the newest version.



Step # 2: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Right-Click on ATF Cleaner.exe and choose Run As Administrator to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Step # 3 Download and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here.

Right-Click on mbam-setup.exe and choose Run as Administrator to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Post the MalwareBytes' Log in your next post/reply.
km2357
MRU Master
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Redirected by Google

Unread postby twinkel_toez » July 25th, 2010, 10:00 am

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4345

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

25/07/2010 14:40:30
mbam-log-2010-07-25 (14-40-30).txt

Scan type: Quick scan
Objects scanned: 127548
Time elapsed: 9 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Redirected by Google

Unread postby km2357 » July 25th, 2010, 1:06 pm

Your Adobe Reader is out of date. Open up Adobe Reader, click Help then click Check for Updates. Once Adobe Reader is done checking for updates, have it download and install the update for Adobe Reader 9.3.3.


Step # 1: Run Kaspersky Online Scan

Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it.

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.


In your next post/reply, I need to see the following:

1. The Kaspersky Log
2. A fresh DDS Log
3. How is your computer doing, any problems?

Re: Redirected by Google

Unread postby twinkel_toez » July 25th, 2010, 3:56 pm

Hi there

Thanks for all your help so far. With regards to the step above, I do not have the option to run Internet Explorer as administrator.

Look forward to hearing from you with regard to what to do next.

Tina

Re: Redirected by Google

Unread postby km2357 » July 25th, 2010, 10:48 pm

Ok, try opening up Internet Explorer normally by double-clicking it and then go to the Kaspersky website linked in my previous post and follow my previous instructions. :)

Re: Redirected by Google

Unread postby twinkel_toez » July 26th, 2010, 5:21 pm

DDS Log


DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 22:16:08.37 on 26/07/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.893.375 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe
C:\Windows\System32\bgsvcgen.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxczcoms.exe
C:\Windows\system32\lxeacoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Users\User\Desktop\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [lxeamon.exe] "c:\program files\lexmark s300-s400 series\lxeamon.exe"
mRun: [EzPrint] "c:\program files\lexmark s300-s400 series\ezprint.exe"
mRun: [Lexmark S300-S400 Series Fax Server] "c:\program files\lexmark s300-s400 series\fm3032.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\videoc~1.lnk - c:\program files\panasonic\videocam suite 2\VideoCamSuiteAutoStart.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-2-4 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-2-4 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-2-4 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100723.001\IDSvix86.sys [2010-7-24 344112]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-7-1 59240]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-7-1 166632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-6 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008000.029\symndisv.sys [2010-2-4 48688]

============== File Associations ===============

.scr=AutoCADLTScriptFile

=============== Created Last 30 ================

2010-07-25 18:28:33 0 d-----w- c:\programdata\NOS
2010-07-25 13:29:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-25 13:29:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-25 13:29:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-25 13:04:14 0 d-----w- c:\programdata\Sun
2010-07-25 13:02:44 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-24 14:41:27 0 d-----w- C:\$RECYCLE.BIN
2010-07-23 18:45:07 98816 ----a-w- c:\windows\sed.exe
2010-07-23 18:45:07 77312 ----a-w- c:\windows\MBR.exe
2010-07-23 18:45:07 256512 ----a-w- c:\windows\PEV.exe
2010-07-23 18:45:07 161792 ----a-w- c:\windows\SWREG.exe
2010-07-20 21:43:25 0 d-----w- C:\MGADiagToolOutput
2010-07-20 21:42:03 0 d-----w- c:\programdata\Office Genuine Advantage
2010-07-20 14:20:21 204020035 ----a-w- c:\windows\MEMORY.DMP
2010-07-15 15:26:56 0 d-----w- c:\program files\Trend Micro
2010-07-14 18:09:27 0 d-----w- c:\users\user\appdata\roaming\Malwarebytes
2010-07-14 18:07:48 0 d-----w- c:\programdata\Malwarebytes
2010-07-13 13:25:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-13 08:22:55 0 dc-h--w- c:\programdata\~0
2010-07-13 08:21:50 0 d-----w- c:\programdata\Lavasoft
2010-07-12 17:02:09 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-12 17:02:09 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-12 16:47:43 0 d-----w- c:\users\user\appdata\roaming\widestream
2010-07-12 16:46:21 0 d-----w- c:\program files\Widestream6
2010-07-12 16:45:18 0 d-----w- c:\users\user\appdata\roaming\OfferBox
2010-07-11 21:53:33 0 d-----w- c:\program files\Yahoo!
2010-07-03 07:03:22 0 d-----w- c:\users\user\appdata\roaming\Trusteer
2010-07-03 07:02:53 0 d-----w- c:\program files\Trusteer
2010-07-03 06:30:21 0 d-----w- c:\programdata\Trusteer

==================== Find3M ====================

2010-05-26 16:16:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25:15 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 13:53:49 2036224 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 18:28:49 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-04-30 18:28:49 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-30 18:28:00 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-29 02:03:00 98504 ----a-w- c:\windows\fonts\consola.ttf
2010-04-29 02:03:00 97752 ----a-w- c:\windows\fonts\leelawad.ttf
2010-04-29 02:03:00 89656 ----a-w- c:\windows\fonts\browa.ttf
2010-04-29 02:03:00 64648 ----a-w- c:\windows\fonts\upckb.ttf
2010-04-29 02:03:00 57100 ----a-w- c:\windows\fonts\upclbi.ttf
2010-04-29 02:03:00 56752 ----a-w- c:\windows\fonts\upcli.ttf
2010-04-29 02:03:00 5178844 ----a-w- c:\windows\fonts\kaiu.ttf
2009-02-21 17:27:55 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-12 21:09:14 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-03-12 21:09:14 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-03-12 21:09:14 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2010-02-16 08:37:23 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-04-13 21:28:30 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010041320100414\index.dat

============= FINISH: 22:18:21.09 ===============

Re: Redirected by Google

Unread postby twinkel_toez » July 26th, 2010, 5:22 pm

Kaspersky Log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, July 26, 2010
Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, July 26, 2010 12:22:04
Records in database: 4199258
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 123882
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 05:47:53


File name / Threat / Threats count
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\51ba021c-4643ee9a Infected: Exploit.Java.Agent.n 1
C:\Users\User\Desktop\ComboFix.exe Infected: Trojan-Clicker.Win32.Wistler.a 1

Selected area has been scanned.

Re: Redirected by Google

Unread postby twinkel_toez » July 26th, 2010, 5:23 pm

I'm not being redirected by Google anymore, but my computer is still running slow.

Re: Redirected by Google

Unread postby km2357 » July 26th, 2010, 7:54 pm

Good to hear that you're not being redirected anymore. :)

Regarding the slowness of the computer, you can do a few things:

1. How much RAM does your computer have? If it's low, then adding more RAM will speed up your computer.

2. You can also go to start > control panel > programs and features and uninstall any programs/games you no longer need/use.

3. You can also follow the steps at the website below to see if they help:

http://www.malwareremoval.com/tutorials ... slowly.php


I'd also like for you to do the following:


Step # 1 Clear Java's Cache

Click Start > Control Panel

  • Double-click the Java icon in the control panel. (coffeecup icon)
  • Click Settings under Temporary Internet Files.

    -The Temporary Files Settings dialog box appears.

  • Click Delete Files.

    -The Delete Temporary Files dialog box appears.
    -There are two options on this window to clear the cache.

  • Applications and Applets
  • Trace and Log Files

Make sure both are checked

Click OK on Delete Temporary Files window.

-Note: This deletes all the Downloaded Applications and Applets from the cache.

Click OK on Temporary Files Settings window.
Close the Java Control Panel

Re: Redirected by Google

Unread postby twinkel_toez » July 27th, 2010, 3:01 am

OK, I've done the Java deleting step. Can I now delete all the programmes I have downloaded to my desktop for all the processes we have gone through, or should they be kept?

I'll have a look at the slow computer link you provided, thank you!


Many thanks for all your help. No doubt you have saved me a fortune that I would have spent to clean it up if I hadn't found this website, so thank you again. I really appreciate all your help. :)

Re: Redirected by Google

Unread postby km2357 » July 27th, 2010, 2:56 pm

OK, I've done the Java deleting step. Can I now delete all the programmes I have downloaded to my desktop for all the processes we have gone through, or should they be kept?


I'll let you know which programs/files you can delete in this post. :)

I'll have a look at the slow computer link you provided, thank you!


If the steps at the slow computer link don't help, here are some general troubleshooting forums you can join and ask for more help with your computer being slow:

Computer Trouble here: http://forum.computertrouble.co.uk/index.php
or
TechSupportGuy here : http://forums.techguy.org/21-windows-nt-2000-xp/
or
VirtualDr here: http://discussions.virtualdr.com/forumdisplay.php?f=48
or
PCPitStop here : http://forums.pcpitstop.com/index.php?showforum=3

All may require free registration before posting for help.

If you do join and post at one of the above forums, let them know about this thread.


If there are no more problems, you're good to go. :)


Since your computer looks to be clean, now would be a good time to upgrade to Windows Vista SP2. To do that, go to Windows Update and download and install SP2. Once that is done, reboot your computer and go back to Windows Update and download all the critical updates listed. Reboot once they are installed and repeat until there are no more critical updates left to download.


You can delete the following off of your computer:

DDS.scr
DDS.pif
The two DDS Logs
GMER.zip
GMER.exe
WinDiagCheck.exe
WVCheck.exe
The WVCheck Log
SysProt.zip
SysProt.exe
The SysProt Log



To remove ComboFix, do the following:

Open up the Run command by pressing the Windows Button and R button at the same time. The Windows Button is at the bottom left of the keyboard between the Ctrl and Alt buttons.

Once the Run command window opens, type in ComboFix /Uninstall and click OK.

Empty your Recycle Bin.


Please take the time to read my All Clean Post.

Hide system files

  1. Right click on the Start menu and select Explore.
  2. Press the Alt button
  3. Click on Tools > Folder Options....
  4. Select the View tab.
  5. Under Hidden files and folders, select Do not show hidden files and folders.
  6. Check (tick) these two boxes:
      Hide extensions for known file types
      Hide protected operating system files (Recommended)
  7. Click Yes when Windows prompts.
  8. Click OK to apply the settings.

Flush the system restore points

  1. Click on Start.
  2. Right click on Computer and select Properties.
  3. Click on System Protection under Tasks section.
  4. Uncheck (untick) all the boxes under Create restore points automatically on the selected disks section.
  5. Click OK.
  6. Restart your computer.

After restarting your computer, follow these steps:

  1. Click on Start.
  2. Right click on Computer and select Properties.
  3. Click on System Protection under Tasks section.
  4. Check (tick) all the boxes under Create restore points automatically on the selected disks section.
  5. Click OK.
  6. Restart your computer.

Note: Do this only ONCE, don't flush it regularly.

Enable UAC

While UAC in Vista is certainly annoying to some extent, it offers some protection for Windows. Here's an explanation - http://www.dcr.net/~w-clayton/Vista/UAC ... zation.htm

  1. Click on Start > Control Panel.
  2. Double click on User Accounts.
  3. Under Make changes to your user account, click on Turn User Account Control on or off.
  4. Check (tick) this box: Use User Account Control (UAC) to help protect the computer.
  5. Click OK.

Keep your system updated

Update Windows

Microsoft releases patches for Windows and Office products regularly to patch up loopholes in Windows and Office products and fix any bugs found. Please ensure that you visit the following websites regularly or update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows, click on Start > Windows Update (or Start > All Programs > Windows Update if you are using the new Vista Start Menu). If the Windows Update is not found there, go to this link - http://update.microsoft.com/ .

Besides Windows, which needs regular updating, antivirus, anti-spyware and firewall programs need regular updating too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.

  1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  2. Never open emails from unknown senders.
  3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this article to learn how to back up. To restore them, see this article.

If you are using Vista Business, Vista Ultimate or Vista Enterprise, you might want to back up your whole computer instead. See here on how to do it.

To restore, see this tutorial.

Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

Prevent a re-infection

  1. Winpatrol
    Winpatrol is a heuristic protection program, meaning it looks for patterns in code that behave like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.
  2. Hosts File
    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    Installing one of these Hosts files replaces your current Hosts file with one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by redirecting these bad sites to 127.0.0.1.

    Here are some Hosts files:

    MVPS Hosts File
    Bluetack's Hosts File
    Bluetack's Host Manager
    hpHosts

    A tutorial about Hosts File can be found at Malware Removal.


    Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs and Malwarebytes RogueNET. This will save you from a lot of trouble. If in doubt, don't ever download it.

Use an alternative Internet Browser

Many exploits are directed at users of Internet Explorer. Try using a different browser instead.

Firefox
Opera
K-Meleon

Use an alternative email client

If you are using Outlook Express as your default email client, try using Thunderbird or Pegasus Mail instead.

Here are some more things to read about:

List of clean and infected download managers
Configuring Skype
Greater email safety
Phishing - what is it?
Configuring Outlook Express
The Unofficial Cookie FAQ
Securing your home wireless network
80 Super Security Tips

Please reply one last time so that I know you have read my post and this thread can be closed.
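The Hosts file mechanism described in the post above (a name is looked up in the Hosts file before DNS, and a blocklist-style file points bad names at 127.0.0.1) is worth seeing in working code, both because it shows how the protection works and because the same file, once tampered with, is one way a browser gets silently redirected. The script below is an added example written for this thread; it is not code from MalwareRemoval.com, MVPS, Bluetack or hpHosts. The sample Hosts file text is constructed, including the made-up redirect entry and the 198.51.100.23 address, and the parsing rules (first mapping for a name wins, a line's first field must be an IP address) are assumptions of this example rather than a statement of how the Windows resolver behaves.

```python
"""Parse a Windows-style Hosts file, answer "is this name sinkholed?", and
flag entries that send a name to a real address instead of a sinkhole.

Added example for the Hosts file section of this thread; not code from
MalwareRemoval.com or any of the Hosts file projects it links to.
"""
import ipaddress
from typing import Dict, List, Tuple

# Addresses blocklist-style Hosts files use to make a name go nowhere.
# 127.0.0.1 is what the post describes; many lists use 0.0.0.0 instead.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample in the style of the MVPS/hpHosts files: a comment
# header, inline comments, several names on one line, mixed case, and one
# hijack-style line (made up for illustration, not taken from the logs).
SAMPLE_HOSTS = """\
# This header line is a comment and must be ignored
127.0.0.1 localhost
::1       localhost
0.0.0.0   ads.example.net          # inline comment after the entry
127.0.0.1 tracker.example.org Tracker2.EXAMPLE.org
0.0.0.0   malware-drop.example.com

# a hijack-style entry: a real site pointed at an attacker-chosen address
198.51.100.23 www.google.com google.com
"""


def parse_hosts(text: str) -> Dict[str, str]:
    """Map each hostname (lower-cased) to the address the file gives it.

    Comments start at '#', blank and malformed lines are skipped, and the
    first mapping seen for a name is kept (assumption of this example).
    """
    mapping: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no name is not an entry
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field must be an IPv4/IPv6 address
        for name in fields[1:]:
            mapping.setdefault(name.lower(), addr)
    return mapping


def is_sinkholed(mapping: Dict[str, str], hostname: str) -> bool:
    """True if the Hosts file sends this exact name to a sinkhole address.

    Matching is by exact name: blocking ads.example.net does not block
    sub.ads.example.net, which is a limit of Hosts-file blocking.
    """
    return mapping.get(hostname.lower()) in SINKHOLE_ADDRESSES


def find_redirects(mapping: Dict[str, str]) -> List[Tuple[str, str]]:
    """Entries that point a name at a non-loopback, non-sinkhole address.

    In a home PC's Hosts file these deserve a look: a tampered Hosts file
    that maps popular sites to an attacker's address is one cause of the
    "redirected" symptom this thread is about.
    """
    redirects = []
    for name, addr in mapping.items():
        if addr in SINKHOLE_ADDRESSES:
            continue
        if ipaddress.ip_address(addr).is_loopback:
            continue
        redirects.append((name, addr))
    return sorted(redirects)


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.net", "sub.ads.example.net", "www.google.com"):
        print(f"{name:25s} sinkholed={is_sinkholed(hosts, name)}")
    for name, addr in find_redirects(hosts):
        print(f"REDIRECT {name} -> {addr}")
```

On a real Vista machine the file to feed parse_hosts is C:\Windows\System32\drivers\etc\hosts; reading it needs an elevated prompt only if you intend to write it back. The exact-name matching in is_sinkholed is the main caveat of Hosts-file blocking, and find_redirects is the check to run when a browser keeps landing somewhere it was not sent.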