Google searches redirected

by hfree » September 26th, 2010, 8:28 am

I have been having some recent malware problems. I downloaded and ran Malwarebytes after having to change its name and it removed some malware but I continue to get redirected when I perform Google searches. Also I run AVG automatically daily and this morning found that there were 9 viruses of which only 7 were removed. The unfixed viruses were Trojan Horse Vundo.LP. I reran Malwarebytes and also AVG and finally a program called Vundofix by atribune but the Vundo malware was not detected again by any of the programs. I am uncertain if AVG removed it or something else happened here. My HijackThis log is below.

Thanks for any help you can provide.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:59 AM, on 09/26/10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\vVX3000.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
F3 - REG:win.ini: run=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe"
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\ACT for Windows\ActSage.exe" -preload
O4 - HKLM\..\Run: [DLPSP] "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [StartUp This] "C:\Program Files\Laplink\PCmover\LaunchSt.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [StartUp This] "C:\Program Files\Laplink\PCmover\LaunchSt.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [StartUp This] "C:\Program Files\Laplink\PCmover\LaunchSt.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [StartUp This] "C:\Program Files\Laplink\PCmover\LaunchSt.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [StartUp This] "C:\Program Files\Laplink\PCmover\LaunchSt.exe" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: QuickBooks
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n031p/EN/install/gtdownlr.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6087.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c16/v ... boax10.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://69.198.235.114:24421/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} (TeamOn Import Object) - https://myemail.t-mobile.com/html/web/c ... Import.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://intuit.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ACT! Scheduler - Sage Software SB, Inc - C:\Program Files\ACT\ACT for Windows\Act.Scheduler.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: Google Update Service (gupdate1ca5c8c681c658e) (gupdate1ca5c8c681c658e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

--
End of file - 15414 bytes

Re: Google searches redirected

by km2357 » September 27th, 2010, 2:31 pm

Hello and welcome to Malware Removal.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.


Step # 1 Download and run DDS

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for whatever reason(s) until it has 100% completed its scan, or attempted scan in case of some error, etc.!

Please post the results from the GMER scan in your reply.


In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

Use multiple posts if you can't fit everything into one post.

Re: Google searches redirected

by hfree » September 28th, 2010, 8:12 am

Thanks for your help. I have run both DDS and GMER. Unfortunately GMER has caused my computer to crash about 5 times and I have been unable to complete the scan. I deleted GMER and downloaded it again but it still did not work. I also unticked every box other than Sections to see if that would help but it did not. Below are the two DDS logs. Please advise if there is something else I can do to get the GMER log or if we can move forward without it.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Harlan Freeman at 13:55:23.40 on 09/27/10
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.928 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\vVX3000.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Harlan Freeman\Local Settings\Temporary Internet Files\Content.IE5\7ASTR90B\dds[1].pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
{7e853d72-626a-48ec-a868-ba8d5e23e045}
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [StartUp This] "c:\program files\laplink\pcmover\LaunchSt.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [PMX Daemon] ICO.EXE
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload
mRun: [DLPSP] "c:\program files\dell printers\additional color laser software\status monitor\DLPSP.EXE"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver2\LVCOMS.EXE
mRun: [LogitechGalleryRepair] c:\program files\logitech\imagestudio\ISStart.exe
mRun: [LogitechImageStudioTray] c:\program files\logitech\imagestudio\LogiTray.exe
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [StartUp This] "c:\program files\laplink\pcmover\LaunchSt.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1\exchan~1.lnk - c:\program files\common files\intuit\quickbooks\qbwebconnector\QBWebConnector.exe
uPolicies-explorer: <NO NAME> =
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/n031p/EN/install/gtdownlr.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... mvadvd.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resour ... se6087.cab
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c16/v ... boax10.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://69.198.235.114:24421/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} - hxxps://myemail.t-mobile.com/html/web/c ... Import.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://intuit.webex.com/client/T26L/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-22 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-31 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-4-13 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-31 243024]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 DLSDB;Dell Printer Status Database;c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe [2007-5-8 135168]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355928]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2007-4-12 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2007-4-12 14336]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2007-4-16 90112]
S2 gupdate1ca5c8c681c658e;Google Update Service (gupdate1ca5c8c681c658e);c:\program files\google\update\GoogleUpdate.exe [2009-11-3 133104]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2007-4-16 2944]
S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [2007-4-16 3168]
S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [2007-4-16 39552]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2007-4-16 61440]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2005-8-3 4736]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2005-8-3 8960]

=============== Created Last 30 ================

2010-09-26 10:57:09 0 d-----w- C:\VundoFix Backups
2010-09-25 13:47:04 3279 ----a-w- c:\windows\system32\wbem\Outlook_01cb5cb8236853ee.mof
2010-09-25 12:09:39 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-24 13:39:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-24 13:39:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-24 13:39:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-24 13:18:34 0 d-----w- c:\program files\Trend Micro
2010-09-22 15:19:21 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-22 12:05:11 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-22 12:03:19 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}

==================== Find3M ====================

2010-09-27 13:32:01 4392 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 13:17:06 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 15:49:15 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 13:57:22 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2007-04-14 04:40:16 8 --sh--r- c:\windows\system32\2F459D1BF1.sys
2005-04-20 21:48:48 56 --sha-r- c:\windows\system32\922FCD3592.sys
2007-04-16 18:10:06 88 --sh--r- c:\windows\system32\F11B9D452F.sys
2008-10-23 17:05:38 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102320081024\index.dat

============= FINISH: 13:56:21.96 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 04/12/07 7:28:17 PM
System Uptime: 09/27/10 6:59:40 AM (7 hours ago)

Motherboard: Dell Inc. | | 0RF703
Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz | Microprocessor | 1578/1066mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 182.59 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP40: 06/29/10 7:18:32 PM - System Checkpoint
RP41: 06/30/10 7:44:10 PM - System Checkpoint
RP42: 07/01/10 9:49:21 PM - System Checkpoint
RP43: 07/02/10 10:14:24 PM - System Checkpoint
RP44: 07/03/10 10:35:00 PM - System Checkpoint
RP45: 07/04/10 11:11:45 PM - System Checkpoint
RP46: 07/05/10 11:32:05 PM - System Checkpoint
RP47: 07/07/10 7:17:11 AM - System Checkpoint
RP48: 07/08/10 9:32:42 AM - System Checkpoint
RP49: 07/09/10 9:37:41 AM - System Checkpoint
RP50: 07/12/10 11:54:26 AM - System Checkpoint
RP51: 07/13/10 2:56:21 PM - System Checkpoint
RP52: 07/14/10 3:00:27 AM - Software Distribution Service 3.0
RP53: 07/15/10 3:37:59 AM - System Checkpoint
RP54: 07/15/10 8:56:01 AM - Avg Update
RP55: 07/15/10 8:57:34 AM - Avg Update
RP56: 07/16/10 7:27:22 PM - System Checkpoint
RP57: 07/17/10 8:05:47 PM - System Checkpoint
RP58: 07/19/10 2:29:58 PM - System Checkpoint
RP59: 07/20/10 3:44:40 PM - System Checkpoint
RP60: 07/21/10 9:38:06 AM - Avg Update
RP61: 07/22/10 12:08:33 PM - System Checkpoint
RP62: 07/23/10 2:27:35 PM - System Checkpoint
RP63: 07/24/10 2:57:21 PM - System Checkpoint
RP64: 07/25/10 6:35:36 PM - System Checkpoint
RP65: 07/26/10 7:25:03 PM - System Checkpoint
RP66: 07/27/10 8:04:23 PM - System Checkpoint
RP67: 07/28/10 8:32:15 PM - System Checkpoint
RP68: 07/29/10 9:00:29 PM - System Checkpoint
RP69: 07/30/10 9:20:22 PM - System Checkpoint
RP70: 07/31/10 10:20:24 PM - System Checkpoint
RP71: 08/01/10 10:25:48 PM - System Checkpoint
RP72: 08/03/10 3:00:24 AM - Software Distribution Service 3.0
RP73: 08/04/10 3:34:54 AM - System Checkpoint
RP74: 08/05/10 7:22:41 AM - System Checkpoint
RP75: 08/06/10 12:12:24 PM - System Checkpoint
RP76: 08/07/10 2:55:25 PM - System Checkpoint
RP77: 08/08/10 5:39:02 PM - System Checkpoint
RP78: 08/09/10 6:00:12 PM - System Checkpoint
RP79: 08/10/10 6:35:11 PM - System Checkpoint
RP80: 08/11/10 6:41:36 PM - System Checkpoint
RP81: 08/12/10 3:00:29 AM - Software Distribution Service 3.0
RP82: 08/13/10 3:44:58 AM - System Checkpoint
RP83: 08/14/10 4:39:03 AM - System Checkpoint
RP84: 08/15/10 4:46:09 AM - System Checkpoint
RP85: 08/15/10 7:50:44 PM - Removed iTunes
RP86: 08/15/10 7:59:42 PM - Installed iTunes
RP87: 08/16/10 8:18:20 PM - System Checkpoint
RP88: 08/17/10 9:37:56 PM - System Checkpoint
RP89: 08/18/10 9:54:51 PM - System Checkpoint
RP90: 08/19/10 10:33:21 PM - System Checkpoint
RP91: 08/20/10 10:47:15 PM - System Checkpoint
RP92: 08/21/10 10:49:41 PM - System Checkpoint
RP93: 08/23/10 11:54:30 AM - System Checkpoint
RP94: 08/26/10 9:05:23 PM - System Checkpoint
RP95: 08/27/10 9:41:53 PM - System Checkpoint
RP96: 08/29/10 1:12:10 AM - System Checkpoint
RP97: 08/30/10 11:24:15 AM - System Checkpoint
RP98: 08/31/10 12:20:38 PM - System Checkpoint
RP99: 09/01/10 6:20:53 PM - System Checkpoint
RP100: 09/02/10 7:27:08 PM - System Checkpoint
RP101: 09/03/10 8:20:36 PM - System Checkpoint
RP102: 09/04/10 8:41:21 PM - System Checkpoint
RP103: 09/06/10 9:14:23 AM - System Checkpoint
RP104: 09/07/10 6:33:38 PM - System Checkpoint
RP105: 09/08/10 6:07:18 AM - Software Distribution Service 3.0
RP106: 09/09/10 9:52:50 AM - Avg Update
RP107: 09/10/10 12:54:24 PM - System Checkpoint
RP108: 09/11/10 1:33:29 PM - System Checkpoint
RP109: 09/12/10 1:53:19 PM - System Checkpoint
RP110: 09/13/10 5:05:39 PM - System Checkpoint
RP111: 09/14/10 8:35:17 PM - System Checkpoint
RP112: 09/15/10 9:02:46 PM - System Checkpoint
RP113: 09/16/10 9:49:02 PM - System Checkpoint
RP114: 09/17/10 10:15:21 PM - System Checkpoint
RP115: 09/19/10 6:38:02 AM - System Checkpoint
RP116: 09/20/10 9:26:45 AM - System Checkpoint
RP117: 09/21/10 8:02:05 PM - System Checkpoint
RP118: 09/22/10 8:11:56 PM - System Checkpoint
RP119: 09/23/10 8:07:58 AM - Avg Update
RP120: 09/23/10 8:09:04 AM - Avg Update
RP121: 09/24/10 8:27:13 AM - Configured ACT! Internet Sync Service
RP122: 09/24/10 8:27:51 AM - Configured ACT! Network Sync Service
RP123: 09/24/10 8:31:52 AM - Removed Napster Burn Engine
RP124: 09/24/10 8:32:02 AM - Removed Napster
RP125: 09/25/10 9:45:52 PM - System Checkpoint
RP126: 09/27/10 1:24:19 PM - System Checkpoint

==== Installed Programs ======================

1888 Quick Flow Chart Creator 1.0
3ivx MPEG-4 5.0.3 (remove only)
A-PDF Merger 2.4
ACT!
ACT! 2005 Premium
ACT! Premium 9.0
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
Adobe Shockwave Player 11
Adobe® Photoshop® Album Starter Edition 3.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Camera Suite
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
AVG Free 9.0
BlackBerry Desktop Software 4.2
BlackBerry v4.1.0 for the 7100 Series Wireless Device
Bonjour
BookSmart™ 1.9.9 1.9.9
Broadcom ASF Management Applications
Broadcom Management Programs
Brother MFL-Pro Suite
Camera Window
Canon Camera Window for ZoomBrowser EX
Canon i560
Canon PhotoRecord
Canon Utilities Easy-PhotoPrint
Canon Utilities File Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
CCH Small Firm Services (xulRunner)
CompanionLink
Compatibility Pack for the 2007 Office system
ContactGrabber 2.9.0
Creative Jukebox Driver
Creative MediaSource
Creative NOMAD II Driver
Creative PlayCenter 2
Creative Removable Disk Manager
Creative System Information
Creative Zen MicroPhoto
Critical Update for Windows Media Player 11 (KB959772)
DATA BECKER Your Handwriting II
DeductionPro 2007
DeductionPro 2008
DeductionPro 2009
Dell ETS Factory Installation
Dell Printer Software
Dell Support 3.2.1
Easy-WebPrint
Easy CD Creator 5 Basic
File Viewer Utility 1.2
FlipShare
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.5.0.452
H&R Block Business 2009 (Remove Only)
H&R Block Illinois 2009
H&R Block Premium + Efile + State 2009
High Definition Audio Driver Package - KB835221
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Memories Disc
HP Photo and Imaging 2.2 - Scanjet 3970 Series
InterVideo WinDVD Creator 2
InterVideo WinDVD Recorder 5
iTunes
j2 Messenger 3.5
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Logitech IM Video Companion
Logitech ImageStudio
Logitech iTouch Software
Logitech MouseWare 9.79
Logitech Print Service
Logitech Resource Center
Macromedia Flash Player 8
Macromedia Shockwave Player
Mail Merge Toolkit
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft DirectX Transform optional components
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook Connector
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (ACT7)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 6-9 Converter
Mouse Suite for Desktop Computers
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Musicmatch® Jukebox
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
Online File Folder Edit Tool v10
Online File Folder Edit Tool v12
PaperPort
PartyPoker
PartyPokerNet
PCI Audio Applications
PCI Audio Driver
PCmover
PhotoStitch
Poker Superstars
PokerStars.net
PowerDVD OD
PrimoPDF
PrimoPDF Redistribution Package
QBFC 6.0
QBWebConnector
QuickBooks Pro 2008
QuickBooks Pro Edition 2004
QuickTime
RealPlayer 7 Basic
Remote Control USB Driver
RemoteCapture 2.7.0
Roxio DLA
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
ShareIns
Skype™ 4.1
Smart Menus (Windows Live Toolbar)
Sonic Update Manager
TaxCut 2004
TaxCut Business 2007 (Remove Only)
TaxCut Business 2008 (Remove Only)
TaxCut Deluxe 2005
TaxCut Illinois 2007
TaxCut Illinois 2008
TaxCut Premium + State + Efile 2007
TaxCut Premium + State + Efile 2008
TaxCut Premium 2006
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VoiceOver Kit
Wal-Mart Music Downloads Store
WebEx
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

09/26/10 9:06:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Creative Service for CDROM Access service to connect.
09/26/10 9:06:29 PM, error: Service Control Manager [7000] - The Creative Service for CDROM Access service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/26/10 5:28:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
09/25/10 8:53:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
09/25/10 8:53:08 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/25/10 7:33:06 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
09/24/10 8:43:48 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WebClient service to connect.
09/24/10 8:43:48 AM, error: Service Control Manager [7000] - The WebClient service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/24/10 8:42:09 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
09/24/10 8:42:09 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
09/24/10 5:27:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SQL Server (ACT7) service to connect.
09/24/10 5:27:01 PM, error: Service Control Manager [7000] - The SQL Server (ACT7) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/24/10 10:19:08 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
09/24/10 10:19:05 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
09/24/10 10:18:47 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
09/24/10 10:18:47 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
09/24/10 10:18:47 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
09/24/10 10:18:47 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
09/24/10 10:18:47 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
09/24/10 10:18:47 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
09/24/10 10:18:47 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
09/24/10 10:06:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Dell Printer Status Database service to connect.
09/24/10 10:05:37 AM, error: System Error [1003] - Error code 1000000a, parameter1 00000000, parameter2 0000001c, parameter3 00000001, parameter4 804fb03c.
09/23/10 6:23:43 PM, error: Print [23] - Printer Brother MFC-4350 failed to initialize because a suitable Brother MFC-4350 driver could not be found.
09/23/10 6:23:43 PM, error: Print [23] - Printer ActiveTouch Document Loader failed to initialize because a suitable ActiveTouch Document Loader driver could not be found.
09/22/10 7:56:02 AM, error: Service Control Manager [7034] - The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
hfree
Active Member
 
Posts: 14
Joined: September 25th, 2010, 8:46 am

Re: Google searches redirected

Post by km2357 » September 28th, 2010, 3:44 pm

Since GMER gave you problems, let's try another rootkit scanner.

C:\Documents and Settings\Harlan Freeman\Local Settings\Temporary Internet Files\Content.IE5\7ASTR90B\dds[1].pif

Go ahead and redownload DDS and save it on your Desktop. I'll be having you run DDS a few more times during this fix and having it on your Desktop is easier than downloading it over and over again. :)


Step # 1: Remove Logitech Desktop Messenger

You appear to have a program on your system called Logitech® Desktop Messenger. This is a background process that can automatically access the Internet without your knowledge or permission. Although it does provide updates for your Logitech products, the fact that it can access the Internet without your consent is potentially dangerous. It does download and update your Logitech products but this can be done manually by visiting the Logitech web site. My advice would be to uninstall this program (Start > Control Panel > Add or Remove Programs) but this is entirely your decision. I suggest doing all updates yourself and removing this application!


Step # 2: Remove Poker programs
From your log I can see you've installed poker programs. A lot of poker programs are infected/can infect you with malware.

I would advise you to go to Add/Remove programs and uninstall the following poker program(s):

PartyPoker

Poker Superstars


Here are links to some poker sites regarded as safe for your reference.
1. http://www.pokerstars.net/ - This is a free to use/play site with play money.
2. http://www.pokerstars.com/ - This is a free to use/play site with play money and real money.


Step # 3: Download and Run RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get the following warning; just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
km2357
MRU Master
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Google searches redirected

Post by hfree » September 28th, 2010, 6:43 pm

Below is the Rootkit Unhooker report. I have also removed the programs you suggested I remove. I saved DDS for future scans but did not scan yet as it was not in your instructions. Let me know when I should scan again.

Thanks for all your help.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xBF0DD000 C:\WINDOWS\System32\ati3duag.dll 2756608 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF37E000 C:\WINDOWS\System32\ativvaxx.dll 1753088 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xB978C000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1642496 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xB9E0C000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA8EAF000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA9411000 C:\WINDOWS\system32\drivers\Senfilt.sys 393216 bytes (Sensaura, Sensaura WDM 3D Audio Driver)
0xB9615000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA9055000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA3F2C000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBF055000 C:\WINDOWS\System32\ati2cqag.dll 286720 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 274432 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF09B000 C:\WINDOWS\System32\atikvmag.dll 270336 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xA2FFD000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA9495000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 262144 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0xA8FCD000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xA8DDB000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xB9673000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA415F000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9DDF000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA8F47000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB9702000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 172032 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xB972C000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA8F94000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA9007000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA40C3000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xA9471000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9754000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB96CB000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA8F72000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EEB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9DC5000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA4382000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9EAC000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB96B4000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA439A000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xA436C000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9EC3000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xA3DFF000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB96EE000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9778000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA90AE000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB9E99000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9ED9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xA8FBC000 C:\WINDOWS\System32\Drivers\BrSerIf.sys 69632 bytes (Brother Industries Ltd., Brotehr Serial I/F Driver (WDM))
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB96A3000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA8E2F000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA298000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA268000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA148000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA0F8000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA402B000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA138000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA1D8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA278000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xA88B0000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA128000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\pmxmouse.sys 40960 bytes (Primax Electronics Ltd., Mouse Suite Driver (For Windows 2000 and Whistler Only))
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA288000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 36864 bytes (Oak Technology Inc., Audio File System)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA198000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA258000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA23B5000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\pmxusblf.sys 36864 bytes (Primax Electronics Ltd., USB Mouse Low Filter Driver(Win2000 only))
0xBA188000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA398000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA408000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA418000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA380000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xA87C3000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA388000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA3F0000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA3B8000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0xBA420000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xBA440000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xBA3E8000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xBA390000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA378000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA3F8000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xBA400000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3A8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA338000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA3B0000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA3A0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xA8C93000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA3EF8000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xBA5A0000 C:\WINDOWS\System32\Drivers\BrScnUsb.sys 16384 bytes (Brother Industries Ltd., Brother USB Scanner Driver)
0xA8DC7000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA598000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9935000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA432C000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB9D80000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA5A4000 C:\WINDOWS\System32\Drivers\BrUsbSer.sys 12288 bytes (Brother Industries Ltd., Brother USB Serial Driver )
0xBA594000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA590000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBA568000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xA407F000 C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys 12288 bytes
0xBA59C000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9D78000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA574000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA61E000 C:\Program Files\Broadcom\ASFIPMon\BASFND.sys 8192 bytes (Broadcom Corporation, Broadcom NetDetect Driver.)
0xBA610000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5FC000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xBA622000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA60E000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA612000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5B6000 C:\WINDOWS\system32\PfModNT.sys 8192 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
0xBA614000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5FE000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xBA600000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA608000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA756000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA6F7000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA7DE000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA687000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x8A050AEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x8A347F38 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xB9F0B000 WARNING: suspicious driver modification [atapi.sys::0x8A050AEA]
0x042E0000 Hidden Image-->Act.Office.Addin.dll [ EPROCESS 0x89426380 ] PID: 4184, 126976 bytes
0x06380000 Hidden Image-->Act.Interop.SHDocVw.dll [ EPROCESS 0x898DF2C8 ] PID: 2524, 135168 bytes
0x097B0000 Hidden Image-->Act.Interop.SHDocVw.dll [ EPROCESS 0x89915DA0 ] PID: 4488, 135168 bytes
0x0AD90000 Hidden Image-->Act.Outlook.Message.Reader.dll [ EPROCESS 0x896264E0 ] PID: 2596, 151552 bytes
0xA8F94000 WARNING: Virus alike driver modification [netbt.sys], 163840 bytes
0x0A4B0000 Hidden Image-->Office.dll [ EPROCESS 0x896264E0 ] PID: 2596, 167936 bytes
0x05210000 Hidden Image-->Office.dll [ EPROCESS 0x89426380 ] PID: 4184, 167936 bytes
0x0B1D0000 Hidden Image-->System.XML.dll [ EPROCESS 0x896264E0 ] PID: 2596, 2060288 bytes
0x09EC0000 Hidden Image-->ActOutlookAddin.dll [ EPROCESS 0x896264E0 ] PID: 2596, 241664 bytes
0x03790000 Hidden Image-->Act.Outlook.Service.Interfaces.dll [ EPROCESS 0x8A1563B0 ] PID: 3184, 28672 bytes
0x09EA0000 Hidden Image-->Extensibility.dll [ EPROCESS 0x896264E0 ] PID: 2596, 28672 bytes
0x04320000 Hidden Image-->Extensibility.dll [ EPROCESS 0x89426380 ] PID: 4184, 28672 bytes
0x0A4F0000 Hidden Image-->act.outlook.dll [ EPROCESS 0x896264E0 ] PID: 2596, 299008 bytes
0x0A920000 Hidden Image-->System.dll [ EPROCESS 0x896264E0 ] PID: 2596, 3190784 bytes
0x04430000 Hidden Image-->System.dll [ EPROCESS 0x89426380 ] PID: 4184, 3190784 bytes
0x06300000 Hidden Image-->Act.UI.InternetExplorer.Plugins.AttachFile.dll [ EPROCESS 0x898DF2C8 ] PID: 2524, 36864 bytes
0x09730000 Hidden Image-->Act.UI.InternetExplorer.Plugins.AttachFile.dll [ EPROCESS 0x89915DA0 ] PID: 4488, 36864 bytes
0x0B110000 Hidden Image-->System.configuration.dll [ EPROCESS 0x896264E0 ] PID: 2596, 438272 bytes
0x00ED0000 Hidden Image-->CFScan.dll [ EPROCESS 0x898E1860 ] PID: 2300, 45056 bytes
0x09F80000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x896264E0 ] PID: 2596, 5033984 bytes
0x048F0000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x89426380 ] PID: 4184, 5033984 bytes
0x047F0000 Hidden Image-->word.dll [ EPROCESS 0x89426380 ] PID: 4184, 503808 bytes
0x0AE90000 Hidden Image-->msvcm80.dll [ EPROCESS 0x896264E0 ] PID: 2596, 507904 bytes
0x011C0000 Hidden Image-->Act.Outlook.Service.AppCommon.dll [ EPROCESS 0x8A1563B0 ] PID: 3184, 53248 bytes
0x03B50000 Hidden Image-->Act.Outlook.Service.Shared.dll [ EPROCESS 0x8A1563B0 ] PID: 3184, 61440 bytes
0x04DC0000 Hidden Image-->System.Drawing.dll [ EPROCESS 0x89426380 ] PID: 4184, 634880 bytes
0x03B30000 Hidden Image-->Act.Outlook.Service.Desktop.dll [ EPROCESS 0x8A1563B0 ] PID: 3184, 69632 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
hfree
Active Member
 
Posts: 14
Joined: September 25th, 2010, 8:46 am

Re: Google searches redirected

Post by km2357 » September 28th, 2010, 8:05 pm

Step # 1: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please post C:\ComboFix.txt in your next reply.
km2357
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Google searches redirected

Post by hfree » September 29th, 2010, 6:54 pm

I could not get ComboFix to run. I saved it on my computer several times and when I double click the icon nothing happens.
hfree
Active Member
 
Posts: 14
Joined: September 25th, 2010, 8:46 am

Re: Google searches redirected

Post by km2357 » September 29th, 2010, 8:18 pm

Ok, let's try this:

First, delete ComboFix.exe

Also make sure that AVG is disabled before you run ComboFix.

Then follow the instructions below:

Step # 1: Download and Run ComboFix

Download ComboFix from any of the links below. You must rename it to hfree.exe before saving it. Save it to your Desktop.

Link 1
Link 2

--------------------------------------------------------------------

  • Double click on hfree.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please include C:\ComboFix.txt in your next reply so we can continue cleaning the system.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



If ComboFix still doesn't run after you renamed it, try booting your computer into Safe Mode (You can go in Safe Mode by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.) and run ComboFix from there.

Post the ComboFix Log (from either Normal or Safe Mode, whichever it runs in) in your next post/reply.
km2357
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Google searches redirected

Post by hfree » September 29th, 2010, 10:35 pm

So I actually figured out to rename ComboFix before getting your response and ran it with success. Here is the log:

ComboFix 10-09-29.01 - Harlan Freeman 09/29/10 21:07:09.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1330 [GMT -5:00]
Running from: c:\program files\gmer\ComboFix1.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Harlan Freeman\Application Data\PriceGong
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Harlan Freeman\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Harlan Freeman\g2mdlhlpx.exe
c:\documents and settings\Harlan Freeman\My Documents\DPE.DUS
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\Data
c:\windows\system32\spool\prtprocs\w32x86\x55q5w.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_USNJSVC
-------\Service_usnjsvc
-------\Legacy_USNJSVC


((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-30 )))))))))))))))))))))))))))))))
.

2010-09-28 11:42 . 2010-09-30 01:23 -------- d-----w- c:\program files\gmer
2010-09-26 10:57 . 2010-09-26 10:57 -------- d-----w- C:\VundoFix Backups
2010-09-25 12:09 . 2010-09-25 12:09 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-24 13:39 . 2010-09-24 13:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-24 13:39 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-24 13:39 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-24 13:18 . 2010-09-24 13:18 -------- d-----w- c:\program files\Trend Micro
2010-09-23 13:09 . 2010-09-23 13:09 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2010-09-23 13:09 . 2010-09-23 13:09 4093792 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-09-23 13:09 . 2010-09-23 13:09 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-09-23 13:09 . 2010-09-23 13:09 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-09-23 13:09 . 2010-09-23 13:09 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-23 13:09 . 2010-09-23 13:09 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-23 13:09 . 2010-09-23 13:09 4371296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-09-23 13:09 . 2010-09-23 13:09 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-23 13:07 . 2010-09-23 13:07 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-09-22 15:19 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-22 12:05 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-22 12:03 . 2010-09-22 12:03 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-22 12:03 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-09-22 12:02 . 2010-09-22 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 02:19 . 2005-04-20 21:34 4392 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-09-29 23:12 . 2009-04-10 18:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-28 22:15 . 2007-04-13 23:30 -------- d-----w- c:\documents and settings\Harlan Freeman\Application Data\funkitron
2010-09-28 22:15 . 2010-01-02 17:56 -------- d-----w- c:\program files\PokerStars.NET
2010-09-28 22:14 . 2007-04-13 21:15 -------- d-----w- c:\program files\PartyGaming.Net
2010-09-28 22:13 . 2007-04-13 12:26 -------- d-----w- c:\program files\Logitech
2010-09-24 13:36 . 2007-04-13 23:32 -------- d-----w- c:\documents and settings\Harlan Freeman\Application Data\Yahoo!
2010-09-24 13:36 . 2007-04-13 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2010-09-24 13:34 . 2007-04-13 21:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-24 13:34 . 2007-04-13 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-24 13:32 . 2007-04-13 21:13 -------- d-----w- c:\program files\Napster
2010-09-24 13:32 . 2007-04-13 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Napster
2010-09-24 13:29 . 2007-04-13 21:09 -------- d-----w- c:\program files\Lavasoft
2010-09-24 13:29 . 2007-04-13 23:30 -------- d-----w- c:\documents and settings\Harlan Freeman\Application Data\Lavasoft
2010-09-24 12:16 . 2009-05-14 16:14 -------- d-----w- c:\documents and settings\Harlan Freeman\Application Data\Hamachi
2010-09-20 01:12 . 2009-05-09 17:25 -------- d-----w- c:\documents and settings\Lisa.DELLDESKTOP\Application Data\Apple Computer
2010-09-18 18:12 . 2007-04-17 00:02 99152 ----a-w- c:\documents and settings\Harlan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-13 21:21 . 2010-08-17 20:46 -------- d-----w- c:\documents and settings\Harlan\Application Data\Apple Computer
2010-09-12 16:02 . 2009-03-08 23:13 99152 ----a-w- c:\documents and settings\Lisa.DELLDESKTOP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-10 22:48 . 2005-04-12 23:42 99152 ----a-w- c:\documents and settings\Harlan Freeman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-17 13:17 . 2004-08-11 23:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 01:12 . 2010-08-16 00:59 -------- d-----w- c:\program files\iTunes
2010-08-16 00:59 . 2010-08-16 00:59 -------- d-----w- c:\program files\iPod
2010-08-16 00:59 . 2009-05-09 17:35 -------- d-----w- c:\program files\Common Files\Apple
2010-08-16 00:59 . 2010-08-16 00:59 -------- d-----w- c:\program files\Apple Software Update
2010-08-15 03:46 . 2007-04-13 23:28 -------- d-----w- c:\documents and settings\Harlan Freeman\Application Data\Apple Computer
2010-08-15 03:37 . 2010-08-15 03:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-15 03:33 . 2008-03-04 18:57 -------- d-----w- c:\program files\QuickTime
2010-08-15 03:29 . 2010-08-15 03:29 -------- d-----w- c:\program files\Bonjour
2010-08-02 12:39 . 2008-03-01 13:53 -------- d-----w- c:\documents and settings\Harlan Freeman\Application Data\TaxCut
2010-08-02 12:39 . 2007-04-13 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-07-22 15:49 . 2004-08-11 23:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-16 10:19 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-21 21:30 . 2010-07-21 21:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-15 13:57 . 2009-03-31 14:53 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 13:57 . 2010-07-15 13:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 13:56 . 2009-03-31 14:53 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2007-04-14 04:40 . 2007-04-14 04:40 8 --sh--r- c:\windows\system32\2F459D1BF1.sys
2005-04-20 21:48 . 2005-04-20 21:34 56 --sha-r- c:\windows\system32\922FCD3592.sys
2007-04-16 18:10 . 2007-04-16 18:10 88 --sh--r- c:\windows\system32\F11B9D452F.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 15:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartUp This"="c:\program files\Laplink\PCmover\LaunchSt.exe" [2007-11-01 247088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-14 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-06-23 53248]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Act.Outlook.Service"="c:\program files\ACT\ACT for Windows\Act.Outlook.Service.exe" [2007-03-28 9728]
"Act! Preloader"="c:\program files\ACT\ACT for Windows\ActSage.exe" [2007-03-28 1015808]
"DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2006-02-23 192512]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-09-04 20480]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 90112]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 155648]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-09-11 45056]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartUp This"="c:\program files\Laplink\PCmover\LaunchSt.exe" [2007-11-01 247088]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks
Exchange Data with Web Services.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe [2009-2-9 300328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 13:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk]
backup=c:\windows\pss\InterVideo Scheduler server.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo Scheduler server.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^j2 DllCmd 3.5.lnk]
backup=c:\windows\pss\j2 DllCmd 3.5.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\j2 DllCmd 3.5.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^j2 Tray Menu 3.5.lnk]
backup=c:\windows\pss\j2 Tray Menu 3.5.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\j2 Tray Menu 3.5.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 04:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastTVSync]
2004-03-11 08:55 245760 ----a-w- c:\program files\Common Files\InterVideo\FastTVSync\FastTVSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 20:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 15:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 19:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Harlan Freeman\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ACT\\ACT for Win 7\\Act7.exe"=
"c:\\Program Files\\ACT\\ACT for Windows\\ActSage.exe"=
"c:\\ACT!2007\\PremiumEX\\Dependencies\\ACTSystemCheck.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [09/22/10 7:05 AM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/31/09 9:53 AM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/31/09 9:53 AM 243024]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [03/17/06 5:25 PM 65536]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [07/15/10 8:57 AM 308136]
R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [05/08/07 2:56 PM 135168]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [08/12/10 7:15 AM 1356952]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [05/27/09 3:27 AM 29262680]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [08/12/10 7:15 AM 15008]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [04/12/07 7:22 PM 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [04/12/07 7:22 PM 14336]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\ACT for Windows\Act.Scheduler.exe [04/16/07 1:07 PM 90112]
S2 gupdate1ca5c8c681c658e;Google Update Service (gupdate1ca5c8c681c658e);c:\program files\Google\Update\GoogleUpdate.exe [11/03/09 8:49 AM 133104]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [04/16/07 7:28 AM 2944]
S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [04/16/07 7:28 AM 3168]
S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [04/16/07 7:28 AM 39552]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [04/16/07 7:28 AM 61440]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [08/03/05 3:59 PM 4736]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [08/03/05 3:59 PM 8960]
.
Contents of the 'Scheduled Tasks' folder

2010-09-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 22:31]

2010-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-09-29 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 13:48]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 13:48]

2010-09-30 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
AddRemove-Creative News - c:\program files\Creative\News\CTNews.isu
AddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-29 21:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2196)
c:\windows\system32\WININET.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\pmxscrll.dll
c:\windows\system32\PMXCOMM.dll
c:\windows\system32\PMXHOOKS.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\BrmfBAgS.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ICO.EXE
c:\windows\system32\Pmxmiced.exe
c:\windows\Logi_MwX.Exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-09-29 21:28:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-30 02:27

Pre-Run: 200,104,960,000 bytes free
Post-Run: 199,935,635,456 bytes free

- - End Of File - - 5829A993590582BC9B2C406F60E6A83A
hfree
Active Member
 
Posts: 14
Joined: September 25th, 2010, 8:46 am

Re: Google searches redirected

Post by km2357 » September 30th, 2010, 2:53 pm

Step # 1: Update Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u21.
  • Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click Add/Remove Programs, and remove all older versions of Java.
  • Remove the following old versions of Java:
      J2SE Runtime Environment 5.0 Update 2
      J2SE Runtime Environment 5.0 Update 5
      J2SE Runtime Environment 5.0 Update 6
      Java(TM) SE Runtime Environment 6 Update 1
      Java(TM) 6 Update 2
      Java(TM) 6 Update 3
      Java(TM) 6 Update 5
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • From your desktop double-click on the download to install the newest version.



Step # 2: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



Step # 3: Run Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware.
  • Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
  • Next click the Scanner tab and select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • You can also access the log by doing the following:
      Click on the Malwarebytes' Anti-Malware icon to launch the program.
      Click on the Logs tab.
      Click on the log at the bottom of those listed to highlight it.
      Click Open.


In your next post/reply, I need to see the following:

1. MalwareBytes' Log
2. A fresh DDS Log
km2357
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Google searches redirected

Post by hfree » September 30th, 2010, 8:57 pm

I have completed all the steps outlined in your post. The redirects stopped after running Combofix and the computer is running much quicker. Below are the two logs requested.


MalwareByte's Log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4725

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

09/30/10 7:49:06 PM
mbam-log-2010-09-30 (19-49-06).txt

Scan type: Quick scan
Objects scanned: 193508
Time elapsed: 8 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


DDS Log

DDS (Ver_10-03-17.01) - NTFSx86
Run by Harlan Freeman at 19:54:12.06 on 09/30/10
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1020 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\vVX3000.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\gmer\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
{7e853d72-626a-48ec-a868-ba8d5e23e045}
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [StartUp This] "c:\program files\laplink\pcmover\LaunchSt.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [PMX Daemon] ICO.EXE
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload
mRun: [DLPSP] "c:\program files\dell printers\additional color laser software\status monitor\DLPSP.EXE"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver2\LVCOMS.EXE
mRun: [LogitechGalleryRepair] c:\program files\logitech\imagestudio\ISStart.exe
mRun: [LogitechImageStudioTray] c:\program files\logitech\imagestudio\LogiTray.exe
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [StartUp This] "c:\program files\laplink\pcmover\LaunchSt.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1\exchan~1.lnk - c:\program files\common files\intuit\quickbooks\qbwebconnector\QBWebConnector.exe
uPolicies-explorer: <NO NAME> =
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/n031p/EN/install/gtdownlr.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... mvadvd.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resour ... se6087.cab
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c16/v ... boax10.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://69.198.235.114:24421/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} - hxxps://myemail.t-mobile.com/html/web/c ... Import.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://intuit.webex.com/client/T26L/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-22 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-31 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-4-13 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-31 243024]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 DLSDB;Dell Printer Status Database;c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe [2007-5-8 135168]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1356952]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2007-4-12 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2007-4-12 14336]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2007-4-16 90112]
S2 gupdate1ca5c8c681c658e;Google Update Service (gupdate1ca5c8c681c658e);c:\program files\google\update\GoogleUpdate.exe [2009-11-3 133104]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2007-4-16 2944]
S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [2007-4-16 3168]
S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [2007-4-16 39552]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2007-4-16 61440]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2005-8-3 4736]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2005-8-3 8960]

=============== Created Last 30 ================

2010-10-01 00:19:44 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-30 01:33:00 0 d-sha-r- C:\cmdcons
2010-09-30 01:26:32 98816 ----a-w- c:\windows\sed.exe
2010-09-30 01:26:32 77312 ----a-w- c:\windows\MBR.exe
2010-09-30 01:26:32 256512 ----a-w- c:\windows\PEV.exe
2010-09-30 01:26:32 161792 ----a-w- c:\windows\SWREG.exe
2010-09-28 11:42:58 0 d-----w- c:\program files\gmer
2010-09-26 10:57:09 0 d-----w- C:\VundoFix Backups
2010-09-25 13:47:04 3279 ----a-w- c:\windows\system32\wbem\Outlook_01cb5cb8236853ee.mof
2010-09-25 12:09:39 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-24 13:39:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-24 13:39:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-24 13:39:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-24 13:18:34 0 d-----w- c:\program files\Trend Micro
2010-09-22 15:19:21 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-22 12:05:11 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-22 12:03:19 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}

==================== Find3M ====================

2010-10-01 00:32:54 4392 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 13:17:06 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 15:49:15 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 13:57:22 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2007-04-14 04:40:16 8 --sh--r- c:\windows\system32\2F459D1BF1.sys
2005-04-20 21:48:48 56 --sha-r- c:\windows\system32\922FCD3592.sys
2007-04-16 18:10:06 88 --sh--r- c:\windows\system32\F11B9D452F.sys
2008-10-23 17:05:38 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102320081024\index.dat

============= FINISH: 19:55:19.34 ===============
hfree
Active Member
 
Posts: 14
Joined: September 25th, 2010, 8:46 am

Re: Google searches redirected

Post by km2357 » October 1st, 2010, 3:11 pm

Step # 1: Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available. (See Note below)

  • First, go to Add/Remove Programs and uninstall Adobe Reader 7.1.0.
  • Please go to this link Adobe Acrobat Reader Download Link
  • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

Note: Adobe 9.3.4 is a large program and if you prefer a smaller program you can get Foxit 4.2.0 instead from http://www.foxitsoftware.com/downloads/index.php

If you decide to install Foxit 4.2.0 instead of Adobe, do the following during Foxit's Setup/Installation process:

Uncheck the following boxes:

I accept the License Terms and want to install Foxit Toolbar

Make Ask.com my default search

Create desktop, quick launch and start menu icon to eBay



Step # 2: Run Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.


In your next post/reply, I need to see the following:

1. Kaspersky Log
2. How is your computer doing, any other problems?
km2357
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Google searches redirected

Post by hfree » October 2nd, 2010, 4:22 am

Here is Kaspersky Report. No other problems than the ones in the report.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, October 2, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, October 01, 2010 21:59:16
Records in database: 4272747
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Objects scanned: 191892
Threats found: 10
Infected objects found: 12
Suspicious objects found: 0
Scan duration: 04:14:45


File name / Threat / Threats count
C:\Documents and Settings\Harlan Freeman\Application Data\Sun\Java\Deployment\cache\6.0\13\3483418d-1e703555 Infected: Trojan-Downloader.Java.Agent.gr 1
C:\Documents and Settings\Harlan Freeman\Application Data\Sun\Java\Deployment\cache\6.0\13\3483418d-1e703555 Infected: Trojan-Downloader.Java.Agent.gs 1
C:\Documents and Settings\Harlan Freeman\Application Data\Sun\Java\Deployment\cache\6.0\13\3483418d-1e703555 Infected: Trojan-Downloader.Java.Agent.gt 1
C:\Documents and Settings\Harlan Freeman\Application Data\Sun\Java\Deployment\cache\6.0\16\3f7b9bd0-5780dba4 Infected: Trojan-Downloader.Java.Agent.eo 1
C:\Documents and Settings\Harlan Freeman\Application Data\Sun\Java\Deployment\cache\6.0\16\3f7b9bd0-5780dba4 Infected: Exploit.Java.Agent.t 1
C:\Documents and Settings\Harlan Freeman\Application Data\Sun\Java\Deployment\cache\6.0\16\3f7b9bd0-5780dba4 Infected: Trojan-Downloader.Java.Agent.ep 1
C:\Documents and Settings\Harlan Freeman\Application Data\Sun\Java\Deployment\cache\6.0\61\4b509ffd-7eb3e230 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Harlan Freeman\Application Data\Thunderbird\Profiles\hirxvad2.default\Mail\Local Folders\Personal Folders.sbd\Inbox Infected: Trojan-Spy.HTML.Bayfraud.hn 1
C:\Documents and Settings\Harlan Freeman\Local Settings\Application Data\Microsoft\Outlook\archive through 1-1-08.pst Infected: Trojan-Spy.HTML.Bayfraud.hn 2
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir Infected: Virus.Win32.TDSS.b 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP124\A0018972.dll Infected: Backdoor.Win32.TDSS.apr 1

Selected area has been scanned.
hfree
Active Member
 
Posts: 14
Joined: September 25th, 2010, 8:46 am

Re: Google searches redirected

Post by km2357 » October 2nd, 2010, 1:11 pm

Kaspersky found a file in the Qoobox folder, which is where ComboFix keeps its quarantined files. I'll show you how to remove ComboFix in an upcoming post. Kaspersky also found an infected System Restore point. It is harmless where it is; I'll show you how to remove it and set a new, clean one in an upcoming post.


Open up Outlook and delete every message you no longer need that is in the Inbox. Also, delete all e-mails that are in the Junk/Spam/Bulk/Trash folder.

Do the same thing with Thunderbird.


Step # 1 Clear Java's Cache

Click Start > Control Panel

  • Double-click the Java icon in the control panel. (coffeecup icon)
  • Click Settings under Temporary Internet Files.

    -The Temporary Files Settings dialog box appears.

  • Click Delete Files.

    -The Delete Temporary Files dialog box appears.
    -There are two options on this window to clear the cache.

  • Applications and Applets
  • Trace and Log Files

Make sure both are checked

Click OK on Delete Temporary Files window.

-Note: This deletes all the Downloaded Applications and Applets from the cache.

Click OK on Temporary Files Settings window.
Close the Java Control Panel
km2357
MRU Master
 
Posts: 3204
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Google searches redirected

Post by hfree » October 2nd, 2010, 3:01 pm

I've cleaned up Outlook and cleared Java's cache.
hfree
Active Member
 
Posts: 14
Joined: September 25th, 2010, 8:46 am