Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Google Re-directs Computer Running Slow, Sudden Mouse Moveme

Re: Google Re-directs Computer Running Slow, Sudden Mouse Mo

Post by deltalima » January 16th, 2011, 7:09 am

Hi mrlucky.

MBRCheck

Please download MBRCheck.exe to your desktop.
  • Right click on MBRCheck.exe and select: Run as Administrator.
  • It will show a Black screen with some information.
  • If an unknown bootcode is found you will have further options available to you. At this time press N, then press Enter twice.
  • If nothing unusual is found, just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file in your next reply.

Create a batch file
  1. Open Notepad.
  2. Copy/paste the following text into the empty Notepad window.
    Code:
    @echo off
    rem Resolve each test hostname and append the answers to results.txt
    Nslookup www.malwarebytes.org >> results.txt
    Nslookup www.safer-networking.org >> results.txt
    Nslookup www.google.com >> results.txt
    Nslookup www.google.co.uk >> results.txt
    rem Ping the same hosts and record which address was actually contacted
    Ping www.malwarebytes.org >> results.txt
    ping www.safer-networking.org >> results.txt
    ping www.google.com >> results.txt
    ping www.google.co.uk >> results.txt
    rem Show the collected output, then delete this batch file
    start notepad results.txt
    del "%~f0"
    
  3. Save the file as xxx.bat on your desktop. Save it with the file type... all types *.*.
  4. Right click the file xxx.bat and select: Run as Administrator.

results.txt should open in Notepad automatically when the script has completed. Post the contents of this file in your next reply.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Re-directs Computer Running Slow, Sudden Mouse Mo

Post by mrlucky » January 16th, 2011, 8:16 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 189):
0x8241E000 \SystemRoot\system32\ntoskrnl.exe
0x827C9000 \SystemRoot\system32\hal.dll
0x86400000 \SystemRoot\system32\kdcom.dll
0x86407000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x86477000 \SystemRoot\system32\PSHED.dll
0x86488000 \SystemRoot\system32\BOOTVID.dll
0x86490000 \SystemRoot\system32\CLFS.SYS
0x864D1000 \SystemRoot\system32\CI.dll
0x865B1000 \SystemRoot\system32\drivers\Wdf01000.sys
0x86622000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x86630000 \SystemRoot\system32\drivers\acpi.sys
0x86676000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8667F000 \SystemRoot\system32\drivers\msisadrv.sys
0x86687000 \SystemRoot\system32\drivers\pci.sys
0x866AE000 \SystemRoot\System32\drivers\partmgr.sys
0x866BD000 \SystemRoot\system32\drivers\volmgr.sys
0x866CC000 \SystemRoot\System32\drivers\volmgrx.sys
0x86716000 \SystemRoot\system32\drivers\pciide.sys
0x8671D000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8672B000 \SystemRoot\System32\drivers\mountmgr.sys
0x8673B000 \SystemRoot\System32\drivers\sfsync02.sys
0x86744000 \SystemRoot\system32\drivers\atapi.sys
0x8674C000 \SystemRoot\system32\drivers\ataport.SYS
0x8676A000 \SystemRoot\system32\drivers\fltmgr.sys
0x8679C000 \SystemRoot\system32\drivers\N360\0403000.005\SYMDS.SYS
0x86801000 \SystemRoot\system32\drivers\fileinfo.sys
0x86811000 \SystemRoot\system32\drivers\N360\0403000.005\SYMEFA.SYS
0x8683E000 \SystemRoot\system32\Drivers\PxHelp20.sys
0x86848000 \SystemRoot\System32\Drivers\ksecdd.sys
0x868B9000 \SystemRoot\system32\drivers\ndis.sys
0x869C4000 \SystemRoot\system32\drivers\msrpc.sys
0x869EF000 \SystemRoot\system32\drivers\NETIO.SYS
0x86A2A000 \SystemRoot\System32\drivers\tcpip.sys
0x86B14000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x86B2F000 \SystemRoot\system32\DRIVERS\timntr.sys
0x86C0D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x86D1D000 \SystemRoot\system32\drivers\volsnap.sys
0x86D56000 \SystemRoot\System32\Drivers\spldr.sys
0x86D5E000 \SystemRoot\system32\DRIVERS\snapman.sys
0x86D86000 \SystemRoot\system32\DRIVERS\SISAGPX.sys
0x86D97000 \SystemRoot\System32\drivers\sfhlp02.sys
0x86D9F000 \SystemRoot\System32\drivers\sfdrv01.sys
0x86DB2000 \SystemRoot\System32\Drivers\mup.sys
0x86DC1000 \SystemRoot\System32\drivers\ecache.sys
0x86DE8000 \SystemRoot\system32\drivers\disk.sys
0x86DF9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x86E1A000 \SystemRoot\system32\drivers\crcdisk.sys
0x86E43000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x86E4E000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x86E57000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B403000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8BDA0000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8BDA2000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8BE43000 \SystemRoot\System32\drivers\watchdog.sys
0x8BE4F000 \SystemRoot\system32\DRIVERS\fdc.sys
0x8BE5A000 \SystemRoot\system32\DRIVERS\parport.sys
0x8BE85000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8BE90000 \??\C:\Windows\system32\drivers\VMkbd.sys
0x8BE95000 \SystemRoot\System32\Drivers\WBMS.SYS
0x8BE9E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8BEB6000 \SystemRoot\system32\drivers\smwdm.sys
0x8BF4C000 \SystemRoot\system32\drivers\portcls.sys
0x8BF79000 \SystemRoot\system32\drivers\drmk.sys
0x8BF9E000 \SystemRoot\system32\drivers\ks.sys
0x8BFC8000 \SystemRoot\system32\drivers\aeaudio.sys
0x8BFCA000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x86E66000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8BFD4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C003000 \SystemRoot\system32\drivers\cmudax3.sys
0x8C1CD000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0x8C1DE000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8C1EE000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8C1FC000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C22B000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C26C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C277000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C28E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C299000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C2BC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C2CB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C2DF000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C2F4000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
0x8C30B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C31B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8C326000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
0x8C340000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C342000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C34C000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C359000 \SystemRoot\system32\DRIVERS\vmnetadapter.sys
0x8C35C000 \SystemRoot\system32\DRIVERS\VMNET.SYS
0x8C35F000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x8C369000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C39E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x86EA4000 \SystemRoot\System32\Drivers\N360\0403000.005\SRTSP.SYS
0x8C3AF000 \SystemRoot\system32\drivers\N360\0403000.005\Ironx86.SYS
0x8C3CE000 \SystemRoot\system32\drivers\N360\0403000.005\SRTSPX.SYS
0x8D54B000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8D584000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8D59B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D59D000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x8D5A7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8D5AE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8D5B7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8D5C7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8D5D0000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0x8D5D4000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8D5DC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D5E5000 \SystemRoot\System32\Drivers\Null.SYS
0x8D5EC000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D5F3000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8D606000 \SystemRoot\System32\drivers\vga.sys
0x8D612000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D633000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D63B000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D643000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D64E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D65C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D665000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D67B000 \SystemRoot\System32\Drivers\N360\0403000.005\SYMTDIV.SYS
0x8D6D4000 \SystemRoot\system32\DRIVERS\usbdpfp.sys
0x8D6E0000 \SystemRoot\system32\DRIVERS\dpK0Bx01.sys
0x8D6E9000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D6FD000 \SystemRoot\system32\drivers\afd.sys
0x8D745000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D777000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8D780000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D796000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x8D7A3000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D7B1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D7C4000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
0x8D7CD000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
0x86EFB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D7EF000 \SystemRoot\system32\drivers\nsiproxy.sys
0x86F37000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110114.002\IDSvix86.sys
0x8D7F9000 \SystemRoot\System32\Drivers\hwinterface.sys
0x86F92000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x8C3D8000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x8BFE3000 \SystemRoot\System32\Drivers\dfsc.sys
0x93C0C000 \SystemRoot\system32\drivers\N360\0403000.005\ccHPx86.sys
0x93C8B000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
0x93D37000 \SystemRoot\System32\Drivers\crashdmp.sys
0x93D44000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x93D4F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x9F820000 \SystemRoot\System32\win32k.sys
0x93D57000 \SystemRoot\System32\drivers\Dxapi.sys
0x93D61000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9FA40000 \SystemRoot\System32\TSDDD.dll
0x9FA60000 \SystemRoot\System32\cdd.dll
0x9FA70000 \SystemRoot\System32\ATMFD.DLL
0x93D70000 \SystemRoot\system32\drivers\luafv.sys
0x93D93000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
0x93DA1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x93DB1000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x93DDB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x93DE5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x93DF8000 \SystemRoot\system32\drivers\spsys.sys
0x93EA8000 \SystemRoot\system32\drivers\HTTP.sys
0x93F15000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x93F32000 \SystemRoot\system32\DRIVERS\bowser.sys
0x93F4B000 \SystemRoot\System32\drivers\mpsdrv.sys
0x93F60000 \SystemRoot\system32\drivers\mrxdav.sys
0x93F81000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x93FA0000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x93FD9000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x86BBF000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA540D000 \SystemRoot\System32\DRIVERS\srv.sys
0xA545B000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA5464000 \??\C:\Windows\system32\drivers\hcmon.sys
0xA546E000 \SystemRoot\system32\DRIVERS\parvdm.sys
0xA5475000 \??\C:\Windows\system32\Drivers\vmci.sys
0xA5485000 \??\C:\Windows\system32\Drivers\VMparport.sys
0xA548A000 \??\C:\Windows\system32\Drivers\vmx86.sys
0xA5559000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xA559C000 \??\C:\Windows\system32\drivers\hostnt.sys
0xA559D000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xA55A2000 \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
0xA55AC000 \SystemRoot\system32\drivers\peauth.sys
0xA568A000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA5694000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA56A0000 \??\C:\Windows\system32\drivers\vmnetuserif.sys
0xA56A5000 \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
0xA56A9000 \SystemRoot\system32\drivers\tdtcp.sys
0xA56B4000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xA56C0000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA56F3000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA5709000 \??\C:\Windows\system32\drivers\mbam.sys
0x8D400000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110116.003\NAVEX15.SYS
0xA570D000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110116.003\NAVENG.SYS
0x772C0000 \Windows\System32\ntdll.dll

Processes (total 77):
0 System Idle Process
4 System
488 C:\Windows\System32\smss.exe
556 csrss.exe
604 C:\Windows\System32\wininit.exe
612 csrss.exe
660 C:\Windows\System32\winlogon.exe
680 C:\Windows\System32\services.exe
696 C:\Windows\System32\lsass.exe
704 C:\Windows\System32\lsm.exe
872 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\nvvsvc.exe
948 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1160 C:\Windows\System32\svchost.exe
1244 C:\Windows\System32\audiodg.exe
1268 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\SLsvc.exe
1312 C:\Windows\System32\svchost.exe
1416 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1428 C:\Windows\System32\nvvsvc.exe
1816 C:\Windows\System32\spoolsv.exe
1848 C:\Windows\System32\svchost.exe
496 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
532 C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
596 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
936 C:\Program Files\Bonjour\mDNSResponder.exe
1156 C:\Windows\System32\svchost.exe
856 C:\Program Files\DigitalPersona\Bin\DpHost.exe
1504 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
1220 C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccsvchst.exe
1356 C:\Windows\System32\svchost.exe
1348 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
1528 C:\Windows\System32\svchost.exe
1868 C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
2116 C:\Windows\System32\vmnat.exe
2164 C:\Windows\System32\svchost.exe
2344 C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
2568 C:\Windows\System32\vmnetdhcp.exe
3040 dllhost.exe
3308 C:\Windows\System32\taskeng.exe
3604 C:\Program Files\Norton 360 Premier Edition\Engine\4.3.0.5\ccsvchst.exe
3648 C:\Windows\System32\taskeng.exe
3704 C:\Windows\System32\dwm.exe
3712 C:\Windows\explorer.exe
3116 C:\Program Files\WinZip E-Mail Companion\loadwzco.exe
3192 C:\Windows\System32\wpcumi.exe
3252 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2104 C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
3352 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
524 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
3096 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
3372 C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
3000 C:\Program Files\Microsoft IntelliType Pro\itype.exe
3524 C:\Program Files\iTunes\iTunesHelper.exe
3588 C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
2180 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
400 C:\Program Files\Windows Sidebar\sidebar.exe
3516 C:\Windows\ehome\ehtray.exe
3092 C:\Program Files\Windows Media Player\wmpnscfg.exe
380 C:\Windows\System32\wbem\unsecapp.exe
180 WmiPrvSE.exe
868 C:\Windows\ehome\ehmsas.exe
3184 C:\Program Files\Windows Media Player\wmpnetwk.exe
840 C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
2040 C:\Program Files\Windows Sidebar\sidebar.exe
4508 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4576 C:\Program Files\iPod\bin\iPodService.exe
4716 C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
4176 C:\Windows\System32\SearchIndexer.exe
4100 C:\Program Files\Internet Explorer\iexplore.exe
4440 C:\Program Files\Internet Explorer\iexplore.exe
5304 C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
4332 C:\Windows\System32\SearchFilterHost.exe
5556 C:\Windows\System32\SearchProtocolHost.exe
3932 C:\Users\Robert\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKB-00H8A0, Rev: 05.04E05

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
mrlucky
Regular Member
 
Posts: 16
Joined: January 13th, 2011, 1:34 am

Re: Google Re-directs Computer Running Slow, Sudden Mouse Mo

Post by mrlucky » January 16th, 2011, 8:18 pm

Server:
Address: 192.168.2.1

Name: www.malwarebytes.org.MrLucky
Address: 208.68.139.89

Server:
Address: 192.168.2.1

Name: www.safer-networking.org.MrLucky
Address: 208.68.139.89

Server:
Address: 192.168.2.1

Name: www.google.com.MrLucky
Address: 208.68.143.55

Server:
Address: 192.168.2.1

Name: www.google.co.uk.MrLucky
Address: 208.68.139.89



Pinging malwarebytes.org [216.245.195.234] with 32 bytes of data:

Reply from 216.245.195.234: bytes=32 time=53ms TTL=48

Reply from 216.245.195.234: bytes=32 time=53ms TTL=48

Reply from 216.245.195.234: bytes=32 time=54ms TTL=48

Reply from 216.245.195.234: bytes=32 time=56ms TTL=48



Ping statistics for 216.245.195.234:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 53ms, Maximum = 56ms, Average = 54ms



Pinging www.safer-networking.org [188.165.126.152] with 32 bytes of data:

Reply from 188.165.126.152: bytes=32 time=160ms TTL=45

Reply from 188.165.126.152: bytes=32 time=164ms TTL=45

Reply from 188.165.126.152: bytes=32 time=161ms TTL=45

Reply from 188.165.126.152: bytes=32 time=161ms TTL=45



Ping statistics for 188.165.126.152:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 160ms, Maximum = 164ms, Average = 161ms



Pinging www.l.google.com [66.102.7.104] with 32 bytes of data:

Reply from 66.102.7.104: bytes=32 time=19ms TTL=53

Reply from 66.102.7.104: bytes=32 time=17ms TTL=53

Reply from 66.102.7.104: bytes=32 time=19ms TTL=53

Reply from 66.102.7.104: bytes=32 time=35ms TTL=53



Ping statistics for 66.102.7.104:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 17ms, Maximum = 35ms, Average = 22ms



Pinging www.l.google.com [66.102.7.99] with 32 bytes of data:

Reply from 66.102.7.99: bytes=32 time=21ms TTL=53

Reply from 66.102.7.99: bytes=32 time=26ms TTL=53

Reply from 66.102.7.99: bytes=32 time=18ms TTL=53

Reply from 66.102.7.99: bytes=32 time=18ms TTL=53



Ping statistics for 66.102.7.99:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 18ms, Maximum = 26ms, Average = 20ms

Server:
Address: 192.168.2.1

Name: www.malwarebytes.org.MrLucky
Address: 208.68.143.55

Server:
Address: 192.168.2.1

Name: www.safer-networking.org.MrLucky
Address: 208.68.139.89

Server:
Address: 192.168.2.1

Name: www.google.com.MrLucky
Address: 208.68.139.89

Server:
Address: 192.168.2.1

Name: www.google.co.uk.MrLucky
Address: 208.68.143.55



Pinging malwarebytes.org [216.245.195.234] with 32 bytes of data:

Reply from 216.245.195.234: bytes=32 time=56ms TTL=48

Reply from 216.245.195.234: bytes=32 time=57ms TTL=48

Reply from 216.245.195.234: bytes=32 time=63ms TTL=48

Reply from 216.245.195.234: bytes=32 time=56ms TTL=48



Ping statistics for 216.245.195.234:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 56ms, Maximum = 63ms, Average = 58ms



Pinging www.safer-networking.org [188.165.126.152] with 32 bytes of data:

Reply from 188.165.126.152: bytes=32 time=163ms TTL=45

Reply from 188.165.126.152: bytes=32 time=162ms TTL=45

Reply from 188.165.126.152: bytes=32 time=169ms TTL=45

Reply from 188.165.126.152: bytes=32 time=164ms TTL=45



Ping statistics for 188.165.126.152:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 162ms, Maximum = 169ms, Average = 164ms



Pinging www.l.google.com [66.102.7.99] with 32 bytes of data:

Reply from 66.102.7.99: bytes=32 time=18ms TTL=53

Reply from 66.102.7.99: bytes=32 time=18ms TTL=53

Reply from 66.102.7.99: bytes=32 time=19ms TTL=53

Reply from 66.102.7.99: bytes=32 time=19ms TTL=53



Ping statistics for 66.102.7.99:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 18ms, Maximum = 19ms, Average = 18ms



Pinging www.l.google.com [66.102.7.104] with 32 bytes of data:

Reply from 66.102.7.104: bytes=32 time=26ms TTL=53

Reply from 66.102.7.104: bytes=32 time=19ms TTL=53

Reply from 66.102.7.104: bytes=32 time=20ms TTL=53

Reply from 66.102.7.104: bytes=32 time=21ms TTL=53



Ping statistics for 66.102.7.104:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 26ms, Average = 21ms

Server:
Address: 192.168.2.1

Name: www.malwarebytes.org.MrLucky
Address: 208.68.143.55

Server:
Address: 192.168.2.1

Name: www.safer-networking.org.MrLucky
Address: 208.68.139.89

Server:
Address: 192.168.2.1

Name: www.google.com.MrLucky
Address: 208.68.143.55

Server:
Address: 192.168.2.1

Name: www.google.co.uk.MrLucky
Address: 208.68.143.55



Pinging malwarebytes.org [216.245.195.234] with 32 bytes of data:

Reply from 216.245.195.234: bytes=32 time=53ms TTL=48

Reply from 216.245.195.234: bytes=32 time=58ms TTL=48

Reply from 216.245.195.234: bytes=32 time=55ms TTL=48

Reply from 216.245.195.234: bytes=32 time=56ms TTL=48



Ping statistics for 216.245.195.234:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 53ms, Maximum = 58ms, Average = 55ms



Pinging www.safer-networking.org [188.165.126.152] with 32 bytes of data:

Reply from 188.165.126.152: bytes=32 time=163ms TTL=45

Reply from 188.165.126.152: bytes=32 time=173ms TTL=45

Reply from 188.165.126.152: bytes=32 time=165ms TTL=45

Reply from 188.165.126.152: bytes=32 time=172ms TTL=45



Ping statistics for 188.165.126.152:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 163ms, Maximum = 173ms, Average = 168ms



Pinging www.l.google.com [66.102.7.104] with 32 bytes of data:

Reply from 66.102.7.104: bytes=32 time=17ms TTL=53

Reply from 66.102.7.104: bytes=32 time=20ms TTL=53

Reply from 66.102.7.104: bytes=32 time=18ms TTL=53

Reply from 66.102.7.104: bytes=32 time=29ms TTL=53



Ping statistics for 66.102.7.104:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 17ms, Maximum = 29ms, Average = 21ms



Pinging www.l.google.com [66.102.7.99] with 32 bytes of data:

Reply from 66.102.7.99: bytes=32 time=33ms TTL=53

Reply from 66.102.7.99: bytes=32 time=32ms TTL=53

Reply from 66.102.7.99: bytes=32 time=30ms TTL=53

Reply from 66.102.7.99: bytes=32 time=32ms TTL=53



Ping statistics for 66.102.7.99:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 30ms, Maximum = 33ms, Average = 31ms
mrlucky
Regular Member
 
Posts: 16
Joined: January 13th, 2011, 1:34 am
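
One way to tabulate a results.txt like the one posted above, as an added example (not part of the original thread and not code from any tool named in it): pair each nslookup answer with the address ping contacted, in file order, and flag names answered with an extra suffix or addresses that differ. The sample log, its hostnames and its addresses are constructed; `BATCH_HOSTS` is the host order from the batch file.

```python
import ipaddress
import re

# Hostnames in the order the batch file above queries them.
BATCH_HOSTS = ["www.malwarebytes.org", "www.safer-networking.org",
               "www.google.com", "www.google.co.uk"]

NAME_RE = re.compile(r"^Name:\s*(\S+)", re.I)
ADDR_RE = re.compile(r"^Address(?:es)?:\s*(\S+)", re.I)
PING_OK_RE = re.compile(r"^Pinging\s+(\S+)\s+\[([^\]]+)\]", re.I)
PING_FAIL_RE = re.compile(r"^Ping request could not find host\s+(\S+)\.\s", re.I)


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def parse_results(text):
    """Return (lookups, pings) in the order they appear in the file."""
    lookups, pings = [], []
    block = None  # nslookup answer currently being filled in
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("server:"):
            # Every nslookup run prints its resolver first; start a new block.
            block = {"name": None, "addresses": []}
            lookups.append(block)
        elif block is not None and (m := NAME_RE.match(line)):
            block["name"] = m.group(1).lower()
        elif block is not None and (m := ADDR_RE.match(line)):
            # The Address line before "Name:" is the resolver itself; skip it.
            if block["name"] is not None:
                block["addresses"].append(m.group(1))
        elif block is not None and block["name"] is not None and is_ip(line):
            block["addresses"].append(line)  # continuation of "Addresses:"
        elif (m := PING_OK_RE.match(line)):
            pings.append({"target": m.group(1).lower(), "address": m.group(2)})
            block = None
        elif (m := PING_FAIL_RE.match(line)):
            pings.append({"target": m.group(1).lower(), "address": None})
            block = None
    return lookups, pings


def compare(text, hosts):
    """Pair the n-th nslookup answer with the n-th ping and flag differences.

    Pairing by position assumes every run of the batch file finished, so the
    file holds len(hosts) lookups followed by len(hosts) pings per run.
    """
    lookups, pings = parse_results(text)
    rows = []
    for i, lookup in enumerate(lookups):
        queried = hosts[i % len(hosts)].lower()
        ping = pings[i] if i < len(pings) else {"target": None, "address": None}
        flags = []
        if lookup["name"] is None:
            flags.append("no-answer")
        elif lookup["name"].startswith(queried + "."):
            # The resolver answered for the name with a search suffix added.
            flags.append("suffix-appended")
        if (lookup["addresses"] and ping["address"]
                and ping["address"] not in lookup["addresses"]):
            # A lead to follow up, not proof: rotating DNS records also cause this.
            flags.append("address-mismatch")
        rows.append({"queried": queried, "answered": lookup["name"],
                     "addresses": lookup["addresses"],
                     "ping_target": ping["target"],
                     "ping_address": ping["address"], "flags": flags})
    return rows


# Constructed sample (documentation address ranges, made-up suffix "HomeLan").
SAMPLE_HOSTS = ["www.example.org", "www.example.net", "www.example.invalid"]
SAMPLE = """Server:  UnKnown
Address:  192.0.2.1

Name:    www.example.org.HomeLan
Address:  198.51.100.89

Server:  UnKnown
Address:  192.0.2.1

Name:    www.example.net
Addresses:  203.0.113.7
\t  203.0.113.8

Server:  UnKnown
Address:  192.0.2.1

Pinging example.org [203.0.113.50] with 32 bytes of data:
Reply from 203.0.113.50: bytes=32 time=53ms TTL=48

Pinging www.example.net [203.0.113.8] with 32 bytes of data:
Reply from 203.0.113.8: bytes=32 time=19ms TTL=53

Ping request could not find host www.example.invalid. Please check the name and try again.
"""

if __name__ == "__main__":
    for row in compare(SAMPLE, SAMPLE_HOSTS):
        print(row["queried"], row["addresses"], row["ping_address"], row["flags"])
```

To run it over a real log, read results.txt into a string and call `compare(text, BATCH_HOSTS)`.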

Re: Google Re-directs Computer Running Slow, Sudden Mouse Mo

Post by deltalima » January 17th, 2011, 8:15 am

Hi mrlucky.

Download and Run ComboFix

Download Combofix by sUBs from one of these links and save it to your Desktop.
Link 1 | Link 2

**Ensure you have disabled ALL anti-virus, anti-malware and firewall programs so they do not interfere with ComboFix.**
A guide to do this can be found here. If you still aren't sure how to disable protection software, please ask.

  • Double-click ComboFix.exe to start Combofix (If you get a User Account Control warning, click Allow)
  • If you get a message from ComboFix that a rootkit is detected and it needs to reboot the computer, allow it to do so.
  • Wait for scan to complete. It can take tens of minutes.
  • Do not run any programs or do anything to interfere with ComboFix as it is running.
  • Once finished, a log should open. If not, the log can be located at C:\ComboFix.txt

Please include the ComboFix log (C:\ComboFix.txt) in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Re-directs Computer Running Slow, Sudden Mouse Mo

Post by mrlucky » January 17th, 2011, 2:07 pm

ComboFix 11-01-16.04 - Robert 01/17/2011 9:00.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1023.302 [GMT -8:00]
Running from: c:\users\Robert\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 Premier Edition *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 Premier Edition *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Labelle\lame_enc_en.dll
c:\users\Labelle\lametritonus_en.dll
c:\users\Robert\AppData\Roaming\.#
c:\users\Robert\AppData\Roaming\EurekaLog
c:\users\Robert\AppData\Roaming\EurekaLog\CyberGhost\CyberGhost.elf
c:\users\Robert\AppData\Roaming\EurekaLog\EurekaLog.ini
c:\users\Robert\AppData\Roaming\inst.exe
c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\51i33mce.default\extensions\{d598e06d-babc-468a-8b31-802a9a1336ec}
c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\51i33mce.default\extensions\{d598e06d-babc-468a-8b31-802a9a1336ec}\chrome.manifest
c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\51i33mce.default\extensions\{d598e06d-babc-468a-8b31-802a9a1336ec}\chrome\xulcache.jar
c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\51i33mce.default\extensions\{d598e06d-babc-468a-8b31-802a9a1336ec}\defaults\preferences\xulcache.js
c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\51i33mce.default\extensions\{d598e06d-babc-468a-8b31-802a9a1336ec}\install.rdf

.
((((((((((((((((((((((((( Files Created from 2010-12-17 to 2011-01-17 )))))))))))))))))))))))))))))))


2011-01-17 17:27 . 2011-01-17 17:27 -------- d-----w- c:\users\Labelle\AppData\Local\temp
2011-01-17 17:27 . 2011-01-17 17:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-17 17:27 . 2011-01-17 17:27 -------- d-----w- c:\users\Bobert\AppData\Local\temp
2011-01-17 03:54 . 2011-01-17 03:54 -------- d-----w- c:\users\Robert\AppData\Local\Apple
2011-01-16 02:36 . 2011-01-16 02:36 -------- d-----w- c:\users\Robert\AppData\Roaming\WinPatrol
2011-01-13 17:21 . 2011-01-16 11:36 -------- d-----w- c:\users\Robert\AppData\Local\Adobe
2011-01-13 05:08 . 2011-01-13 05:09 -------- d-----w- c:\program files\trend micro
2011-01-13 05:08 . 2011-01-13 05:09 -------- d-----w- C:\rsit
2011-01-12 20:18 . 2011-01-12 20:19 -------- d-sh--w- c:\programdata\D669C4E80122425E2EECE15F50391D93
2011-01-12 19:57 . 2011-01-12 22:58 -------- d-----w- c:\users\Robert\AppData\Roaming\FrostWire
2011-01-12 16:39 . 2010-08-17 23:54 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-12 16:39 . 2010-08-17 23:54 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-12 16:39 . 2010-08-17 23:51 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-12 16:39 . 2010-08-17 23:51 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-12 16:39 . 2010-08-17 23:48 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-12 16:39 . 2010-08-17 23:48 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-12 16:39 . 2010-08-17 23:52 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-12 16:39 . 2010-08-17 23:51 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-12 16:39 . 2010-08-17 23:49 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-12 16:39 . 2010-08-17 23:49 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-12 16:39 . 2010-08-17 23:50 680960 ----a-w- c:\windows\system32\d2d1.dll
2011-01-12 16:39 . 2010-08-17 23:49 1068032 ----a-w- c:\windows\system32\DWrite.dll
2011-01-12 16:34 . 2011-01-12 16:34 -------- d-----w- c:\program files\Feedback Tool
2011-01-12 15:54 . 2011-01-12 15:54 -------- d-----w- c:\users\Robert\AppData\Local\BuildAGadget Content
2011-01-11 22:46 . 1998-10-14 16:00 283648 ----a-w- c:\windows\uninst.exe
2011-01-11 21:43 . 2011-01-11 21:43 -------- d-----w- c:\users\Robert\AppData\Local\ElevatedDiagnostics
2011-01-11 21:33 . 2011-01-11 21:38 -------- d-----w- c:\program files\Microsoft ATS
2011-01-11 20:52 . 2011-01-11 20:52 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-01-11 20:49 . 2010-10-16 18:55 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-11 20:49 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2011-01-11 20:49 . 2010-10-16 18:55 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2011-01-11 20:49 . 2010-10-16 18:55 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-11 20:49 . 2010-10-16 18:55 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-11 20:49 . 2010-10-16 18:55 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-11 20:49 . 2010-10-16 18:55 10084360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-11 20:49 . 2010-10-16 18:55 4837480 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-11 20:49 . 2010-10-16 18:55 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-11 20:15 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-11 20:15 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-11 20:15 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-11 20:15 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-11 20:15 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-11 20:15 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-11 20:15 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-11 14:24 . 2010-11-13 02:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-10 20:13 . 2011-01-10 20:13 -------- d-----w- c:\program files\Windows Imaging
2011-01-10 20:10 . 2011-01-10 20:13 -------- d-----w- c:\program files\Windows AIK
2011-01-10 16:59 . 2011-01-10 17:16 -------- d-----w- c:\users\Robert\AppData\Roaming\Wuala
2011-01-10 16:58 . 2011-01-10 22:54 -------- d-----w- c:\users\Robert\AppData\Local\Wuala
2011-01-10 16:19 . 2011-01-12 19:46 -------- d-----w- c:\program files\vLite
2011-01-09 00:00 . 2011-01-09 00:00 -------- d-----w- c:\users\Robert\AppData\Roaming\Acapela Group
2011-01-08 23:58 . 2011-01-08 23:58 -------- d-----w- c:\programdata\NaturalSoft
2011-01-08 21:53 . 2011-01-10 00:38 -------- d-----w- c:\program files\NaturalSoft
2011-01-07 23:25 . 2011-01-07 23:25 -------- d-----w- c:\users\Robert\AppData\Roaming\S.A.D
2011-01-07 04:16 . 2011-01-07 04:16 -------- d-----w- c:\users\Robert\AppData\Roaming\Media Player Classic
2011-01-07 00:24 . 2011-01-07 00:24 -------- d-----w- c:\program files\XviD
2011-01-06 19:19 . 2011-01-06 19:19 -------- d-----w- c:\users\Robert\AppData\Roaming\DigitalPersona
2011-01-06 19:07 . 2011-01-06 19:07 -------- d-----w- c:\windows\DPDrv
2011-01-06 19:06 . 2011-01-06 19:06 -------- d-----w- c:\program files\DigitalPersona
2011-01-06 18:20 . 2011-01-06 18:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-01-05 17:35 . 2011-01-06 06:43 -------- d-----w- c:\users\Robert\AppData\Roaming\HandBrake
2011-01-05 17:35 . 2011-01-05 17:35 -------- d-----w- c:\users\Robert\AppData\Local\HandBrake
2011-01-05 17:34 . 2011-01-05 17:34 -------- d-----w- c:\program files\Handbrake
2011-01-05 16:00 . 2011-01-05 16:00 -------- d-----w- c:\users\Robert\AppData\Roaming\DVDFab
2011-01-02 03:31 . 2011-01-02 03:34 -------- d-----w- c:\program files\Hewlett-Packard
2011-01-02 03:29 . 2011-01-02 03:29 -------- d-----w- C:\Swsetup
2010-12-31 13:17 . 2010-12-31 13:17 -------- d-----w- c:\program files\Passware
2010-12-31 12:54 . 2010-12-31 12:56 -------- d-----w- c:\users\Robert\AppData\Roaming\Passware
2010-12-24 11:17 . 2010-12-24 11:17 -------- d-----w- c:\users\Robert\AppData\Roaming\CCS64
2010-12-24 11:17 . 2010-12-24 11:17 -------- d-----w- c:\program files\Computerbrains C.C.S
2010-12-21 13:17 . 2010-12-21 13:17 -------- d-----w- c:\program files\FramefileWizard
2010-12-21 12:43 . 2010-12-21 12:43 3026 ----a-w- c:\windows\system32\drivers\hwinterface.sys
2010-12-21 04:19 . 2010-12-23 11:42 -------- d-----w- C:\games
2010-12-19 02:13 . 2010-12-19 02:13 -------- d-----w- C:\SA
2010-12-18 21:35 . 2010-12-18 21:35 -------- d-----w- c:\program files\Norton System Information

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 02:09 . 2009-09-18 01:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 02:08 . 2009-09-18 01:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-10 03:09 . 2010-12-10 02:25 2478272 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-12-10 02:25 . 2010-12-10 02:25 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2010-12-04 20:18 . 2009-09-12 21:30 47360 ----a-w- c:\users\Robert\AppData\Roaming\pcouffin.sys
2010-12-04 04:35 . 2010-12-07 17:26 52096 ----a-w- c:\windows\system32\drivers\dvdfab.sys
2010-12-01 21:44 . 2010-12-01 21:44 100560 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-12-01 21:44 . 2010-12-05 00:24 143248 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-12-01 21:44 . 2010-12-05 00:23 41936 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-12-01 21:44 . 2010-12-01 21:44 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-12-01 21:44 . 2010-12-01 21:44 111504 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-19 16:23 . 2010-11-19 16:23 278728 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-11-19 16:23 . 2010-11-19 16:23 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-11-19 04:00 . 2010-11-19 04:00 2471264 ----a-w- c:\windows\system32\AutoPartNt.exe
2010-11-19 03:52 . 2010-11-19 03:52 594208 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-11-19 03:51 . 2010-11-19 03:51 170272 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-11-13 02:53 . 2010-06-16 03:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-11 22:00 . 2010-11-11 22:00 854128 ----a-w- c:\windows\system32\drivers\vmx86.sys
2010-11-11 22:00 . 2010-11-11 22:00 70768 ----a-w- c:\windows\system32\drivers\vmci.sys
2010-11-11 21:59 . 2010-11-19 09:22 334448 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-11-11 21:59 . 2010-11-19 09:22 404080 ----a-w- c:\windows\system32\vmnat.exe
2010-11-11 21:59 . 2010-11-11 21:59 23792 ----a-w- c:\windows\system32\drivers\vmparport.sys
2010-11-11 21:58 . 2010-11-19 09:20 760432 ----a-w- c:\windows\system32\vnetlib.dll
2010-11-11 21:57 . 2010-11-19 09:20 24688 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-11-11 21:56 . 2010-11-19 09:21 26352 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-11-11 20:31 . 2010-11-11 20:31 32368 ----a-w- c:\windows\system32\drivers\hcmon.sys
2010-11-11 20:04 . 2010-11-11 20:04 252528 ----a-w- c:\windows\system32\vmnc.dll
2010-11-11 18:04 . 2010-11-11 18:04 59952 ----a-w- c:\windows\system32\vnetinst.dll
2010-11-11 18:04 . 2010-11-11 18:04 51248 ----a-w- c:\windows\system32\vmnetbridge.dll
2010-11-11 18:04 . 2010-11-11 18:04 36400 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2010-11-11 18:04 . 2010-11-11 18:04 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys
2010-11-11 18:04 . 2010-11-11 18:04 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2010-11-04 18:56 . 2010-12-15 19:57 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-15 19:57 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-15 19:57 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-15 19:57 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-15 19:57 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01 . 2010-12-15 19:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57 . 2010-12-15 19:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57 . 2010-12-15 19:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57 . 2010-12-15 19:56 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57 . 2010-12-15 19:56 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01 . 2010-12-15 19:56 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26 . 2010-12-15 19:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24 . 2010-12-15 19:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44 . 2010-12-15 19:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27 . 2010-12-15 19:57 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20 . 2010-12-15 19:56 2048 ----a-w- c:\windows\system32\tzres.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinZip E-Mail Companion OEAPI"="c:\program files\WinZip E-Mail Companion\loadwzco.exe" [2007-11-19 75136]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-29 1485208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-06-08 2605424]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-06-08 362488]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-11-11 129648]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-22 1778064]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DPAgnt"="c:\program files\DigitalPersona\Bin\DPAgnt.exe" [2006-10-10 807440]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]

c:\users\Labelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [N/A]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-11-30 608584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
2006-10-10 00:27 99856 ----a-w- c:\windows\System32\DPWLEvHd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [2010-12-04 52096]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 16896]
R3 MaplomL;MaplomL; [x]
R3 mdxgthkn;mdxgthkn;c:\users\Robert\AppData\Local\Temp\mdxgthkn.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-09 48128]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110114.002\IDSvix86.sys [2010-11-09 353912]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-12-01 143248]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-12-01 41936]
S2 HOSTNT;HOSTNT;c:\windows\system32\drivers\hostnt.sys [2010-05-09 4032]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-21 363344]
S2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-11-11 70768]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-22 44432]
S3 dpK0Bx01;Fingerprint Reader Filter Driver;c:\windows\system32\DRIVERS\dpK0Bx01.sys [2006-09-17 35584]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-19 102448]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-21 20952]
S3 usbdpfp;Fingerprint Reader Class Driver;c:\windows\system32\DRIVERS\usbdpfp.sys [2006-09-17 47360]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-01 100560]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-12-01 111504]
S3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;c:\windows\system32\Drivers\WBMS.SYS [2004-11-10 36224]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-01-17 c:\windows\Tasks\User_Feed_Synchronization-{939DDA86-9DE7-4E45-A974-CB9D9A0AE2FA}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://securityresponse.symantec.com/av ... _homepage/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.co ... .3.1.0.cab
FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\51i33mce.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
HKLM-Run-CmPCIaudio - CMICNFG3.cpl
AddRemove-DaphneDownLoader - c:\games\Daphne\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-17 09:35
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5240)
c:\windows\System32\NLSData0009.dll
c:\program files\Norton 360 Premier Edition\Engine\4.3.0.5\ccIPC.dll
c:\program files\Norton 360 Premier Edition\Engine\4.3.0.5\ccGEvt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\DigitalPersona\Bin\DpHost.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\vmnat.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-01-17 09:47:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-17 17:47

Pre-Run: 385,886,273,536 bytes free
Post-Run: 385,707,868,160 bytes free

- - End Of File - - 5738EB982D1502812AB6E963A7048718
mrlucky
Regular Member
 
Posts: 16
Joined: January 13th, 2011, 1:34 am

Re: Google Re-directs Computer Running Slow, Sudden Mouse Mo

Unread postby deltalima » January 17th, 2011, 2:48 pm

Hi mrlucky.

Please let me know if you are using a router and, if so, was it installed by yourself and would you know how to reset it back to the factory defaults.

ESET online scanner

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Please let me know how the computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google Re-directs Computer Running Slow, Sudden Mouse Mo

Unread postby Cypher » January 20th, 2011, 3:03 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns