Google links redirect and start up problems

Re: Google links redirect and start up problems

Post by icecream90 » November 4th, 2010, 4:26 pm

Unless I did it wrong, which I don't think, I do not see that log there.
icecream90
Regular Member
 
Posts: 28
Joined: October 29th, 2010, 1:33 am

Re: Google links redirect and start up problems

Post by Gary R » November 4th, 2010, 4:46 pm

Try running the OTL fix again using the instructions I gave in my earlier post ....... viewtopic.php?p=552876#p552876 ...... don't bother trying to uninstall uTorrent or Java.

If you get an OTL log please post it.

If you still don't get a log from OTL let me know.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google links redirect and start up problems

Post by icecream90 » November 4th, 2010, 10:24 pm

The same error happened when I ran it again, so I don't have a log. When it restarted the program is now back on the desktop. The Java update I got rid of, because uTorrent is gone again now. I was gonna do the OTL fix over but I wanted to check with you first.
icecream90
Regular Member
 
Posts: 28
Joined: October 29th, 2010, 1:33 am

Re: Google links redirect and start up problems

Post by Gary R » November 5th, 2010, 4:02 am

OK let's try the following .....

Download ComboFix from one of these locations and save it to your Desktop: (if you already have a copy of Combofix, delete it and use this version)

Link 1
Link 2

IMPORTANT !!! ComboFix.exe must be run from your Desktop

  • Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix. There are details for disabling many programmes here.
  • Double click on ComboFix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install Microsoft Windows Recovery Console.

Please note: If Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Image

Once Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you.

Please include this log in your next reply. ......... (it can also be found at C:\ComboFix.txt)

IMPORTANT
  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.
If you have any problems with these instructions, a detailed Tutorial for how to use Combofix is available here.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google links redirect and start up problems

Post by icecream90 » November 5th, 2010, 2:33 pm

I ran ComboFix and I can't get on the internet. I restarted it a few times but nothing.
icecream90
Regular Member
 
Posts: 28
Joined: October 29th, 2010, 1:33 am

Re: Google links redirect and start up problems

Post by icecream90 » November 6th, 2010, 2:14 am

I'm back on the internet now since I did a system restore. I restored it back to a point where I don't have ComboFix anymore, but I'm not sure if I should try to run it again without checking with you first, since I lost internet the last time.
icecream90
Regular Member
 
Posts: 28
Joined: October 29th, 2010, 1:33 am

Re: Google links redirect and start up problems

Post by Gary R » November 6th, 2010, 5:28 am

Have a look in your C:\ directory and see if there is a file Combofix.txt.

If there is, post me the contents; if not, let me know.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google links redirect and start up problems

Post by icecream90 » November 7th, 2010, 2:39 am

ComboFix 10-05-27.03 - CAllen 05/28/2010 11:27:49.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1959 [GMT -4:00]
Running from: c:\users\CAllen\Desktop\zzz.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~2\sysReserve.ini
c:\users\CAllen\AppData\Local\dchirlkmn
c:\users\CAllen\AppData\Local\dchirlkmn\alryfejtssd.exe
c:\users\CAllen\AppData\Local\dpmqtvmmm
c:\users\CAllen\AppData\Local\dpmqtvmmm\wvtsapvtssd.exe
c:\users\CAllen\AppData\Local\flfvovdpf
c:\users\CAllen\AppData\Local\flfvovdpf\lyniyujtssd.exe
c:\users\CAllen\AppData\Local\wtytfrenm
c:\users\CAllen\AppData\Local\wtytfrenm\ibepmoftssd.exe
c:\windows\system32\AbaleZip.dll
c:\windows\system32\sysogg.dll

Infected copy of c:\windows\system32\drivers\tdx.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-28 )))))))))))))))))))))))))))))))
.

2010-05-28 15:38 . 2010-05-28 15:38 -------- d-----w- c:\users\CAllen\AppData\Local\temp
2010-05-28 15:38 . 2010-05-28 15:38 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-05-27 23:41 . 2010-05-27 23:41 -------- d-----w- c:\program files\NCH Software
2010-05-27 23:41 . 2010-05-27 23:41 -------- d-----w- c:\users\CAllen\AppData\Roaming\NCH Software
2010-05-27 05:24 . 2010-05-27 05:24 -------- d-----w- c:\users\CAllen\AppData\Local\VS Revo Group
2010-05-27 05:24 . 2009-12-30 16:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-05-27 05:23 . 2010-05-27 05:23 -------- d-----w- c:\program files\VS Revo Group
2010-05-25 21:07 . 2010-05-25 21:42 -------- d-----w- c:\program files\CamStudio
2010-05-25 20:01 . 2010-05-25 20:01 -------- d-----w- c:\users\CAllen\AppData\Roaming\Avira
2010-05-25 19:44 . 2010-05-25 19:44 -------- d-----w- c:\program files\Avira
2010-05-25 19:44 . 2010-05-25 19:44 -------- d-----w- c:\progra~2\Avira
2010-05-25 19:44 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-25 19:44 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-25 19:44 . 2009-05-11 16:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-25 19:44 . 2009-05-11 16:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-05-24 22:48 . 2010-05-24 22:54 -------- d-----w- c:\program files\GPL MPEG Decoder
2010-05-24 22:41 . 2010-05-24 22:41 -------- d-----w- c:\program files\YouTube Downloader
2010-05-24 22:33 . 2010-05-24 22:33 -------- d-----w- c:\program files\SuperWebcam
2010-05-24 22:33 . 2006-06-27 12:56 31872 ----a-w- c:\windows\system32\drivers\superwebcam.sys
2010-05-24 04:15 . 2010-05-24 04:16 -------- d-----w- c:\users\CAllen\AppData\Local\ManyCam
2010-05-22 09:47 . 2010-05-22 09:47 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
2010-05-22 09:47 . 2010-05-22 09:47 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\AOL OCP
2010-05-18 00:55 . 2010-05-18 00:56 -------- d-----w- c:\users\CAllen\AppData\Roaming\ManyCam
2010-05-18 00:55 . 2010-05-18 02:02 -------- d-----w- c:\program files\Ask.com
2010-05-11 20:44 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-02 05:13 . 2010-05-02 05:13 -------- d-----w- c:\program files\iPod
2010-05-02 05:10 . 2010-05-02 05:10 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-28 15:23 . 2009-09-24 18:04 0 ----a-w- c:\windows\system32\drivers\tdx.sys
2010-05-28 02:27 . 2010-01-02 00:33 -------- d-----w- c:\program files\Mozilla Firefox 3.6 Beta 5
2010-05-27 05:15 . 2008-02-29 04:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-25 15:21 . 2010-01-12 22:50 -------- d-----w- c:\users\CAllen\AppData\Roaming\uTorrent
2010-05-24 22:33 . 2008-02-29 04:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-18 05:48 . 2009-02-21 02:37 2974 ----a-w- c:\users\CAllen\AppData\Roaming\wklnhst.dat
2010-05-14 22:42 . 2009-11-30 05:48 -------- d-----w- c:\progra~2\Propellerhead Software
2010-05-14 22:42 . 2009-11-30 05:42 -------- d-----w- c:\users\CAllen\AppData\Roaming\Propellerhead Software
2010-05-13 17:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-13 17:13 . 2008-02-29 05:15 -------- d-----w- c:\progra~2\Microsoft Help
2010-05-12 15:21 . 2009-10-03 05:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 23:38 . 2008-07-04 03:22 680 ----a-w- c:\users\CAllen\AppData\Local\d3d9caps.dat
2010-05-03 14:42 . 2009-12-19 17:47 -------- d-----w- c:\progra~2\Radialpoint
2010-05-02 05:15 . 2009-09-10 16:56 -------- d-----w- c:\program files\iTunes
2010-05-02 05:13 . 2008-06-25 17:08 -------- d-----w- c:\program files\Common Files\Apple
2010-04-26 00:23 . 2009-10-07 04:14 -------- d-----w- c:\users\CAllen\AppData\Roaming\vlc
2010-04-25 06:11 . 2010-04-25 06:11 -------- d-----w- c:\program files\Common Files\Java
2010-04-25 06:10 . 2010-04-25 06:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-25 06:09 . 2008-02-29 05:45 -------- d-----w- c:\program files\Java
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-04 20:12 . 2010-04-04 20:11 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-04 20:09 . 2010-04-04 20:08 -------- d-----w- c:\program files\QuickTime
2010-03-05 14:01 . 2010-04-14 13:48 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-03 05:26 . 2010-03-03 05:26 1691 ----a-w- c:\users\CAllen\AppData\Roaming\.purple\certificates\x509\tls_peers\api.screenname.aol.com
2009-12-20 00:33 . 2009-12-19 19:20 6148384 --sha-w- c:\windows\System32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-07-13 50480]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=ma_cmidn.dll
"midi2"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^CAllen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\CAllen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2007-07-13 14:36 50480 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-10-02 00:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 16:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 22:50 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 23:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):86,df,45,f0,19,5d,ca,01

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2009-11-18 668912]
S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\DRIVERS\superwebcam.sys [2006-06-27 31872]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-28 c:\windows\Tasks\User_Feed_Synchronization-{6DFFBE1E-577F-4EB1-BBB2-8971CA403F8E}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\CAllen\AppData\Roaming\Mozilla\Firefox\Profiles\sygs4tdl.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox ... S:official
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\CAllen\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\users\CAllen\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\CAllen\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-28 11:38
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi]
"ImagePath"="system32\Drivers\atapi.tsk"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-28 11:41:22
ComboFix-quarantined-files.txt 2010-05-28 15:41

Pre-Run: 52,217,507,840 bytes free
Post-Run: 52,279,742,464 bytes free

- - End Of File - - 8B79D85A14762F02DE3200FF105CFDAC
icecream90
Regular Member
 
Posts: 28
Joined: October 29th, 2010, 1:33 am

Re: Google links redirect and start up problems

Post by Gary R » November 7th, 2010, 4:29 am

The log looks to be from an old Combofix scan run some time ago.

Let's see if we can get Combofix to run and produce a log this time.

First download a new copy of Combofix to your Desktop from ....

Link 1
Link 2

IMPORTANT !!! ComboFix.exe must be run from your Desktop

Next

Reboot your computer into Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
Note: if you cannot boot into safe mode using this method, DO NOT attempt to do so by using MSConfig, this could result in your computer becoming unbootable. Just let me know.

Next

Double click Combofix.exe to run Combofix.

When finished, it will produce a log for you.

IMPORTANT: If Combofix needs to re-boot your computer, make sure it boots back into Safe Mode by tapping the F8 key as your computer re-starts. Then follow the directions I gave earlier in this post. The Combofix log should open on your Desktop. Save a copy of it to your Desktop, then boot back into Normal Mode.

Please include this log in your next reply.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google links redirect and start up problems

Post by icecream90 » November 8th, 2010, 4:05 am

It blocked my internet again and system restore doesn't seem to help this time.
icecream90
Regular Member
 
Posts: 28
Joined: October 29th, 2010, 1:33 am

Re: Google links redirect and start up problems

Post by Gary R » November 8th, 2010, 7:32 am

Has it created a new log at C:\Combofix.txt? If it has, please post me the log.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google links redirect and start up problems

Post by icecream90 » November 8th, 2010, 11:56 am

ComboFix 10-11-07.04 - CAllen 11/07/2010 13:25:03.5.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.2504 [GMT -5:00]
Running from: C:\Users\CAllen\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~2\sysReserve.ini
C:\Users\CAllen\AppData\Roaming\Microsoft\stor.cfg
C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe
C:\Users\CAllen\AppData\Roaming\Microsoft\Windows\shell.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-07 to 2010-11-07 )))))))))))))))))))))))))))))))
.

2010-11-07 18:31:59 . 2010-11-07 18:32:03 -------- d-----w- C:\Users\CAllen\AppData\Local\temp
2010-11-07 18:31:59 . 2010-11-07 18:31:59 -------- d-----w- C:\Users\Public\AppData\Local\temp
2010-11-07 18:31:59 . 2010-11-07 18:31:59 -------- d-----w- C:\Users\Mcx2\AppData\Local\temp
2010-11-07 18:31:59 . 2010-11-07 18:31:59 -------- d-----w- C:\Users\Mcx1\AppData\Local\temp
2010-11-07 18:31:59 . 2010-11-07 18:31:59 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-11-07 18:20:45 . 2010-11-07 18:21:42 -------- d-----w- C:\32788R22FWJFW
2010-11-06 06:16:29 . 2010-10-07 23:21:31 6146896 ----a-w- C:\PROGRA~2\Microsoft\Windows Defender\Definition Updates\{94BD92A9-EC4A-43E8-9E2D-FCA0DD15B1E2}\mpengine.dll
2010-11-05 18:17:18 . 2010-11-05 18:17:18 -------- d-----w- C:\$RECYCLE(0).BIN
2010-11-05 17:38:27 . 2010-11-05 17:38:27 -------- d-----w- C:\Program Files\NCH Software
2010-11-05 17:38:21 . 2010-11-05 17:38:21 -------- d-----w- C:\Users\CAllen\AppData\Roaming\NCH Software
2010-11-04 18:19:32 . 2010-11-04 18:19:32 -------- d-----w- C:\_OTL
2010-10-14 07:08:14 . 2010-09-13 13:56:02 168960 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-10-14 07:08:13 . 2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\system32\wmploc.DLL
2010-10-14 07:05:18 . 2010-06-28 17:00:21 1316864 ----a-w- C:\Windows\system32\ole32.dll
2010-10-14 07:05:18 . 2010-06-28 14:54:38 339968 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2010-10-14 07:04:51 . 2010-08-31 13:27:38 2038272 ----a-w- C:\Windows\system32\win32k.sys
2010-10-14 07:04:40 . 2010-09-06 16:20:29 125952 ----a-w- C:\Windows\system32\srvsvc.dll
2010-10-14 07:04:40 . 2010-09-06 13:45:38 304128 ----a-w- C:\Windows\system32\drivers\srv.sys
2010-10-14 07:04:40 . 2010-09-06 13:45:22 145408 ----a-w- C:\Windows\system32\drivers\srv2.sys
2010-10-14 07:04:40 . 2010-09-06 13:45:19 102400 ----a-w- C:\Windows\system32\drivers\srvnet.sys
2010-10-14 07:04:39 . 2010-09-06 16:19:06 17920 ----a-w- C:\Windows\system32\netevent.dll
2010-10-14 07:03:12 . 2010-08-10 15:53:15 274944 ----a-w- C:\Windows\system32\schannel.dll
2010-10-14 07:03:07 . 2010-08-26 16:37:45 157184 ----a-w- C:\Windows\system32\t2embed.dll
2010-10-14 07:01:52 . 2010-08-31 15:46:37 954752 ----a-w- C:\Windows\system32\mfc40.dll
2010-10-14 07:01:51 . 2010-08-31 15:46:37 954288 ----a-w- C:\Windows\system32\mfc40u.dll
2010-10-14 07:01:10 . 2010-05-04 19:13:07 231424 ----a-w- C:\Windows\system32\msshsq.dll
2010-10-14 07:01:00 . 2010-08-20 16:05:07 867328 ----a-w- C:\Windows\system32\wmpmde.dll
2010-10-14 05:52:51 . 2010-08-31 15:44:31 531968 ----a-w- C:\Windows\system32\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-07 06:09:36 . 2010-06-02 20:54:56 60936 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2010-11-07 06:09:36 . 2010-06-02 20:54:56 126856 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2010-10-19 15:41:44 . 2009-10-03 05:14:37 222080 ------w- C:\Windows\system32\MpSigStub.exe
2010-09-08 15:17:46 . 2010-09-08 15:17:46 94208 ----a-w- C:\Windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 . 2010-09-08 15:17:46 69632 ----a-w- C:\Windows\system32\QuickTime.qts
2010-08-17 14:11:37 . 2010-09-15 00:19:23 128000 ----a-w- C:\Windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-04-11 06:28:03 1233920]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 21:36:30 455968]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 19:30:30 249856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 21:07:08 320832]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 05:42:51 36272]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 18:37:40 932288]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 19:21:52 246504]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 06:09:35 281768]
"Mobile Connectivity Suite"="C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 20:19:48 598016]
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 07:44:40 500208]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-09-08 15:17:42 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-09-24 06:10:52 421160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
icecream90
Regular Member
 
Posts: 28
Joined: October 29th, 2010, 1:33 am
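As an added triage example (not ComboFix's own code and not part of this thread), the script below parses a log in the format posted above and flags the things Gary R reads off it: a resident antivirus/antispyware still marked *enabled*, executables deleted from the user's AppData tree, a system-binary name living outside system32, a patched system driver, UAC and Security Center monitoring switched off, and whether the log reached its "Completion time" line (the second log above stops short). The sample log is constructed from lines in the two posted logs; the section names and line layouts are assumed to match ComboFix's output as shown here.

```python
"""Triage helper for ComboFix-style logs (added example; assumes the layout shown in this thread)."""
import re

# Constructed sample, assembled from lines that appear in the two logs posted above.
SAMPLE_LOG = r"""ComboFix 10-11-07.04 - CAllen 11/07/2010 13:25:03.5.2 - x86 MINIMAL
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\PROGRA~2\sysReserve.ini
C:\Users\CAllen\AppData\Local\dchirlkmn\alryfejtssd.exe
C:\Users\CAllen\AppData\Roaming\Microsoft\svchost.exe
C:\Users\CAllen\AppData\Roaming\Microsoft\Windows\shell.exe
Infected copy of c:\windows\system32\drivers\tdx.sys was found and disinfected
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
Completion time: 2010-11-07 13:41:22
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")      # ((((( Section Name )))))
KEY_RE = re.compile(r"^\[(.+)\]$")                    # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+?)\s*$')  # "Name"=value
# Windows binary names that malware borrows; the real ones live under system32 / SysWOW64.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe"}
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")


def split_sections(text):
    """Group log lines by the (((( ... )))) banner they follow; lines before any banner go to 'header'."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line and line != ".":
            sections[current].append(line)
    return sections


def av_still_enabled(header):
    """ComboFix lists resident AV/antispyware/firewall as AV:/SP:/FW: lines; *enabled* means it was not switched off."""
    return [l for l in header if re.match(r"^(AV|SP|FW):", l) and "*enabled*" in l]


def flag_path(path):
    """Return the reasons a deleted path is worth a second look (empty list if none)."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    reasons = []
    if name.endswith(EXEC_EXT) and "\\appdata\\" in p:
        reasons.append("executable under user AppData")
    if name in SYSTEM_NAMES and "\\system32\\" not in p and "\\syswow64\\" not in p:
        reasons.append("system binary name outside system32")
    return reasons


def suspicious_deletions(lines):
    """Map each notable line of the 'Other Deletions' section to its reasons."""
    out = {}
    for l in lines:
        if l.startswith("Infected copy of"):
            out[l] = ["patched system file restored"]
        elif re.match(r"^[a-z]:\\", l, re.I):
            reasons = flag_path(l)
            if reasons:
                out[l] = reasons
    return out


def registry_findings(lines):
    """Walk the REGEDIT4-style 'Reg Loading Points' section and report weakened settings and odd autoruns."""
    findings, key = [], ""
    for l in lines:
        km = KEY_RE.match(l)
        if km:
            key = km.group(1).lower()
            continue
        vm = VALUE_RE.match(l)
        if not vm:
            continue
        name, value = vm.group(1), vm.group(2)
        if key.endswith("policies\\system") and name.lower() == "enablelua" and value.startswith("0"):
            findings.append("UAC disabled (EnableLUA=0)")
        elif "security center\\monitoring" in key and name == "DisableMonitoring" and value.endswith("00000001"):
            findings.append("Security Center monitoring disabled: " + key)
        elif key.endswith("\\run") and "\\appdata\\" in value.lower():
            findings.append("autorun from user profile: %s -> %s" % (name, value))
    return findings


def triage(text):
    """Summarise one log: AV state, notable deletions, registry findings, and whether the run completed."""
    s = split_sections(text)
    return {
        "av_enabled": av_still_enabled(s.get("header", [])),
        "suspicious_deletions": suspicious_deletions(s.get("Other Deletions", [])),
        "registry": registry_findings(s.get("Reg Loading Points", [])),
        "complete": any(l.startswith("Completion time:") for sec in s.values() for l in sec),
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_LOG).items():
        print(k, "->", v)
```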

Re: Google links redirect and start up problems

Post by Gary R » November 8th, 2010, 6:50 pm

The latest log does not look complete, did you post it all? If not, can you post the rest?

However, I suspect you're going to say that that's all there is, in which case for some reason Combofix did not complete its run successfully.

I see from the log that Windows Defender is enabled, you should have disabled it. This could be the reason that Combofix has not managed to run properly, so the first thing I'd like to try is to disable Windows Defender and then try running Combofix again.

To disable Windows Defender Real-time Protection
  • Open Windows Defender.
  • Click on Tools > General Settings.
  • Scroll down to Real-time Protection Options.
  • Uncheck Turn on Real Time Protection (recommended).
  • Close Windows Defender.
Once Combofix has run successfully you can re-enable Windows Defender Real Time Protection.

Now try to run Combofix again, using the instructions below.

  • Click Start > Run
  • Copy/Paste "%userprofile%\desktop\combofix.exe" /killall into the Run box.
  • Click OK
  • Combofix will now run.
  • When finished, it'll produce a log for you.
  • Post that log in your next reply please. (or retrieve it from C:\Combofix.txt and post it.)

IMPORTANT
  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google links redirect and start up problems

Post by icecream90 » November 10th, 2010, 2:44 am

In Windows Defender there is "Settings" but nothing else of what you put. Is there another way to disable it?
icecream90
Regular Member
 
Posts: 28
Joined: October 29th, 2010, 1:33 am

Re: Google links redirect and start up problems

Post by Gary R » November 10th, 2010, 3:19 am

Try these instructions instead ....

  • Open Windows Defender
  • Click Tools > Options > Real Time Protection
  • Now uncheck the following ...
    • Use real time protection (recommended) .... this will uncheck the other items listed automatically.
  • Click Save
  • Exit out of Windows Defender.

If they don't correspond to the version of Windows Defender that you have then try ....

  • Open Windows Defender.
  • Click Tools > Options > Administrator
  • Uncheck Use Windows Defender
  • Click Save.
  • Admin permissions are needed, so if prompted enter your Admin password.
  • Exit Windows Defender


PS. Combofix has been updated, so delete the current version of Combofix.exe on your desktop (don't delete any other combofix files or folders) and download a new version to your desktop from ..... Here .... before running the Combofix scan.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire