Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Google search redirected

Re: Google search redirected

Post by otc » February 14th, 2012, 4:23 pm

Now stating OTS file can't be found
otc
Regular Member
 
Posts: 20
Joined: January 24th, 2012, 7:00 pm

Re: Google search redirected

Post by Elrond » February 14th, 2012, 5:41 pm

Is this when you try to download it or when you try to open it?
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Google search redirected

Post by otc » February 14th, 2012, 6:12 pm

When I click on your link
otc
Regular Member
 
Posts: 20
Joined: January 24th, 2012, 7:00 pm

Re: Google search redirected

Post by Elrond » February 14th, 2012, 7:09 pm

OK I will be back with you tomorrow as it is now past 01:00 here and I need to go to sleep.
We will try something else as the OT tools don't seem to work for some reason.
I suspect that Trend is blocking it in some way. It seems to be very aggressive in trying to protect your computer which is good but can become a problem when trying to do scans and/or remove junk. :roll:
See you tomorrow. :)
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Google search redirected

Post by otc » February 14th, 2012, 7:46 pm

Thanks, Good night
otc
Regular Member
 
Posts: 20
Joined: January 24th, 2012, 7:00 pm

Re: Google search redirected

Post by Elrond » February 15th, 2012, 3:05 pm

Hi otc.
Thanks for staying with me so far. :)

Let us see if this works.

ComboFix
Please download ComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!! .
Alternate download site: here
If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

Next
ComboFix - CFScript
WARNING !
This script is for THIS user and computer ONLY!
Using this tool incorrectly could damage your Operating System... preventing it from starting again!


You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

  1. Please open Notepad and copy/paste all the text below... into the window:
    Code:
    KILLALL::
    
    DDS::
    BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
    mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80364&lng=en
    mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80364
    uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
    uURLSearchHooks: H - No File
    
    
    Folder::
    c:\program files\common files\avg secure search
    c:\documents and settings\all users\application data\AVG Secure Search
    c:\program files\AVG Secure Search
    
    Driver::
    vToolbarUpdater
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= -
    .
    [-HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vProt"=-
    "ROC_roc_dec12"=-
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable Trend Micro and SuperAntiSpyware , as shown in this topic. Please close all open application windows.
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:

    Image

    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!

    When finished... Notepad will open ... ComboFix will produce a log file called "ComboFix.txt".
  5. Please copy/paste the contents of ComboFix.txt... in your next reply.

** Enable your TrendMicro and SuperAntiSpyware, before connecting to the Internet again! **

Let us hope that this will work. :)
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Google search redirected

Post by Elrond » February 18th, 2012, 12:53 pm

If I do not hear from you within the next 12 hours I will have to close the topic. :(
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Google search redirected

Post by otc » February 19th, 2012, 5:52 pm

ComboFix 12-02-17.02 - Bill 02/19/2012 7:58.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1165 [GMT -8:00]
Running from: c:\documents and settings\Bill\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Bill\Desktop\cfscript.txt
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-19 to 2012-02-19 )))))))))))))))))))))))))))))))
.
.
2012-02-17 14:50 . 2012-02-17 14:50 -------- d-----w- c:\windows\LastGood
2012-02-15 11:15 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 11:15 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-01 17:19 . 2012-02-01 17:38 723294 ----a-w- c:\windows\unins000.exe
2012-01-27 14:37 . 2012-01-27 14:37 -------- d-----w- c:\documents and settings\Bill\Application Data\Malwarebytes
2012-01-27 14:37 . 2012-01-27 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-27 14:37 . 2012-01-27 14:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-27 14:37 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-24 20:11 . 2012-01-24 20:11 -------- d-----w- c:\documents and settings\Bill\Application Data\SUPERAntiSpyware.com
2012-01-24 20:11 . 2012-01-24 20:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-24 20:11 . 2012-01-24 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-24 19:09 . 2012-01-24 19:09 388096 ----a-r- c:\documents and settings\Bill\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-24 17:51 . 2012-02-01 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-01-24 17:51 . 2012-01-24 17:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-24 15:29 . 2012-01-24 15:29 -------- d-----w- c:\program files\SpywareBlaster
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 14:50 . 2012-01-02 14:25 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-01-12 16:53 . 2005-12-29 06:29 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-19 08:13 . 2005-12-29 06:29 832512 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:13 . 2005-12-29 06:28 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-12-19 08:13 . 2005-12-29 06:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:13 . 2005-12-29 06:28 17408 ------w- c:\windows\system32\corpol.dll
2011-11-25 21:57 . 2005-12-29 06:29 293376 ----a-w- c:\windows\system32\winsrv.dll
2012-02-19 15:01 . 2012-01-24 19:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-16 20:30 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Bill\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Bill\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Bill\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Bill\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SlimDrivers"="c:\program files\SlimDrivers\SlimDrivers.exe" [2011-12-12 27481952]
"Facebook Update"="c:\documents and settings\Bill\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-01-05 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"NDSTray.exe"="NDSTray.exe" [BU]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-12-01 671744]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 1077322]
"ZoomingHook"="ZoomingHook.exe" [2005-06-06 24576]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-12-05 28672]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-12-28 73728]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-16 939872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2000-01-01 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2000-01-01 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2000-01-01 131072]
"RTHDCPL"="RTHDCPL.EXE" [2000-01-01 20064872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
.
c:\documents and settings\Bill\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Bill\Application Data\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-12-29 155648]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Bill\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Bill\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1886:TCP"= 1886:TCP:Genieo
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 3:38 PM 116608]
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [5/2/2011 2:37 PM 188272]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [5/2/2011 2:46 PM 64080]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [1/16/2012 12:30 PM 909152]
R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [1/17/2012 11:51 AM 6609920]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/2/2011 9:51 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/2/2012 6:46 AM 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/2/2011 9:51 PM 136176]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [1/2/2012 6:25 AM 12984]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2012-01-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2343413112-2627855830-284998304-1006Core.job
- c:\documents and settings\Bill\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-05 07:10]
.
2012-02-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2343413112-2627855830-284998304-1006UA.job
- c:\documents and settings\Bill\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-05 07:10]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 05:51]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 05:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.genieo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.233.207.8 64.233.207.9
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Bill\Application Data\Mozilla\Firefox\Profiles\evoqymkq.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=w3is& ... ,0,6434&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-19 08:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(892)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(600)
c:\windows\system32\WININET.dll
c:\documents and settings\Bill\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2012-02-19 08:19:34
ComboFix-quarantined-files.txt 2012-02-19 16:19
ComboFix2.txt 2012-02-19 15:32
ComboFix3.txt 2012-02-04 14:24
.
Pre-Run: 68,616,884,224 bytes free
Post-Run: 68,613,455,872 bytes free
.
- - End Of File - - 306BCE7F6DCAB5719AC92AD0818A6CD3
otc
Regular Member
 
Posts: 20
Joined: January 24th, 2012, 7:00 pm
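
An added example, not part of the thread and not ComboFix's own code: a short Python check that reads the Registry:: deletions out of a CFScript and reports which of them are still listed in the registry sections of the ComboFix.txt that comes back. The two excerpts are copied from the posts above; the function names and the parsing rules are assumptions made for this sketch, not a specification of ComboFix's file formats.

```python
import re

# Excerpt of the Registry:: section of the CFScript posted in this thread.
CFSCRIPT = r'''
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= -
[-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"=-
"ROC_roc_dec12"=-
'''

# Excerpt of the "Reg Loading Points" section of the ComboFix.txt posted in reply.
LOG = r'''
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-16 20:30 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 1811296]
.
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-16 939872]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')            # [key] or [-key]
VAL_RE = re.compile(r'^("[^"]*"|@)\s*=\s*(.*)$')  # "name"=data or @=data


def parse_sections(text):
    """Return [(is_key_deletion, key, [(value_name, data), ...]), ...]."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # Registry paths are case-insensitive, so compare in lower case.
            current = (m.group(1) == '-', m.group(2).lower(), [])
            sections.append(current)
            continue
        v = VAL_RE.match(line)
        if v and current is not None:
            name = v.group(1).strip('"').lower()
            current[2].append((name, v.group(2).strip()))
    return sections


def deletion_targets(script):
    """Set of (key, value_name) pairs to delete; value_name None = whole key."""
    targets = set()
    for is_del, key, values in parse_sections(script):
        if is_del:
            targets.add((key, None))
        targets.update((key, name) for name, data in values if data == '-')
    return targets


def still_listed(script, log):
    """Deletion targets from the script that the log still shows."""
    present = set()
    for _, key, values in parse_sections(log):
        present.add((key, None))
        present.update((key, name) for name, _ in values)
    hits = deletion_targets(script) & present
    return sorted(hits, key=lambda t: (t[0], t[1] or ''))


if __name__ == '__main__':
    for key, name in still_listed(CFSCRIPT, LOG):
        print('still listed:', key, '->', name or '(whole key)')
```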

Re: Google search redirected

Post by Elrond » February 20th, 2012, 2:22 am

How is your computer behaving?
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Google search redirected

Post by otc » February 20th, 2012, 12:42 pm

Everything appears to be fine. Any other suggestions for the future?

Thanks, Bill

Do I have to delete any of these programs we downloaded?
otc
Regular Member
 
Posts: 20
Joined: January 24th, 2012, 7:00 pm

Re: Google search redirected

Post by Elrond » February 20th, 2012, 5:03 pm

Congratulations... your computer now appears to be malware free! :)

ComboFix - Cleanup
Time for some housekeeping
  1. Click Start...select Run from the menu.
  2. Copy and paste the following into the text entry box:
    Combofix /Uninstall
  3. Click the OK button. (See image below as reference.)
Image

Please delete the following if you still have them:
TDSSKiller
DDS
GMER
OTL
OTS

Create a new - clean SRP (System Restore Point)
Now that you're clean, it's a great time to create a new, clean SRP and remove any old, possibly compromised, entries.
Create a new SRP
  1. Go to Start > All Programs > Accessories > System Tools > System Restore
  2. Select Create a restore point... then press the Next...button.
  3. Type a name for the new SRP... like All Clean... then press the Create... button.
  4. When finished... press the Close...button.
Remove old SRP entries
  1. Now... Go to Start > Run... type in: cleanmgr...press the OK...button.
    The Disk Cleanup begins "calculating" space savings by compressing old files. This could take several minutes.
  2. When available... select the More Options... tab.
  3. In the System Restore section... Press the Clean up...button.
  4. Reply Yes to the prompt. Press the X to close and exit.
    All existing restore points will be deleted... except the new one you just created.

Now to update some programs that are out of date.
I already know that both Internet Explorer and Firefox are out of date and need replacing. Internet Explorer is at v. 8 for WinXP. You should keep this updated even if you use another browser as it otherwise becomes a security risk.
Please download and run Secunia Personal Software Inspector - Copyright © Secunia.
It will warn you if you have older versions of programs that need updating on your computer and will suggest ways of updating them.
With regard to Java, we have removed the very old versions that you had on your computer but I would suggest that you go to Add/Remove programs in the Control Panel and remove any versions that you find. They are all outdated. You can then download the latest version of Java from http://www.java.com/en/download/index.jsp You will find the latest version that is recommended there.

Please follow these simple guidelines in order to help keep your computer more secure:

Update your Antivirus programs and other programs regularly.
Secunia Personal Software Inspector - Copyright © Secunia.
FileHippo.com Update Checker - © Copyright FileHippo.com
F-secure Health Check - Copyright © F-Secure Corporation.

Visit Microsoft often
Keep on top of critical updates, as well as other updates for your computer.
How to configure and use Automatic Updates in Windows
Using Windows Update for Windows
Microsoft Update Home

Install additional (free) programs, that can help improve security.
Many feel that having a "layered" protection scheme is beneficial, you'll have to decide what works best for your situation.
Here are a few you can look into, if you want. :)

Malwarebytes' Anti-Malware
You have this installed already, run scans weekly (at least)... make sure you check for updates before running scans.
Download it from Malwarebytes © Malwarebytes Corporation.
Tutorials are available for installing and running, Malwarebytes' Anti-Malware.
Powerful, easy to use and free. For real-time protection you will have to purchase the product.

WinPatrol
Download it from Copyright © BillP Studios
Information about how WinPatrol works, is available Here.
(The free version of WinPatrol... provides limited real-time protection)

Read, stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly

Please let me know that you completed the cleanup steps, the create/purge System Restore point steps and reviewed the rest of the post.
Once I receive your reply, unless there are other malware questions or concerns, I will have this topic closed as resolved.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Google search redirected

Post by Elrond » February 24th, 2012, 4:27 am

otc this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem