Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google Search Returns Limited and Often Unrelated Results

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Google Search Returns Limited and Often Unrelated Results

Unread postby islandFevor » September 22nd, 2010, 10:50 pm

Description of the problem:

When I perform a Google search I receive very limited or even unrelated search results. Thanks in advance for the help!


********************************************************************************************

HijackThis.log:

********************************************************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:00 PM, on 9/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.21.0.21\Spoon-Sandbox.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

(file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Spoon Sandbox Manager 3.21.lnk = C:\Documents and Settings\Owner\Local Settings\Application

Data\Spoon\3.21.0.21\Spoon-Sandbox-Native.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C :\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C :\Program Files\Google\Google

Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://www.update.microsoft.com/windows ... 7652941984
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) -

http://gfx2.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6200 bytes

********************************************************************************************

uninstall_list.txt:

********************************************************************************************

ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.4
AutoHotkey 1.0.47.04
CDBurnerXP Pro 3
Charles
ClamWin Free Antivirus 0.96.2.1
Critical Update for Windows Media Player 11 (KB959772)
Fiddler (remove only)
File Security Manager
GIMPshop 2.2.8
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Connections Drivers
Java DB 10.5.3.0
Java(TM) 6 Update 20
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 18
Java(TM) SE Development Kit 6 Update 7
Lexmark 2600 Series
Lexmark Fax Solutions
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard for Students and Teachers
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIRC
MLDownloader
Mozilla Firefox (3.5.10)
MSDN Library - Visual Studio 6.0a
MSXML 6.0 Parser (KB933579)
Notepad++
OpenOffice.org 3.2
Polipo 1.0.4.1
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
StockWiz 5.0
Sygate Personal Firewall
Tor 0.2.1.26
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URGE
Vidalia 0.2.9
VLC media player 1.1.4
WebEx
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
islandFevor
Active Member
 
Posts: 6
Joined: September 22nd, 2010, 10:38 pm
Advertisement
Register to Remove

Re: Google Search Returns Limited and Often Unrelated Result

Unread postby jmw3 » September 25th, 2010, 11:31 am

Hello & Welcome to Malware Removal

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this ensure Notify me when a reply is posted is ticked on the POST A REPLY page.

In the meantime please note the following:
  • Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

First thing I would like you to do is to turn Word Wrap off in Notepad:
  • Open Notepad then on the Toolbar click Format
  • Make sure Word Wrap is unticked then close Notepad

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here & save it to your desktop.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Do not run any programs while Gmer is running.

NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
  • Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
  • Double click the gmer.exe file
  • The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
  • After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply
To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Google Search Returns Limited and Often Unrelated Result

Unread postby islandFevor » September 27th, 2010, 12:40 am

Thank you very much for your help with this. I really appreciate it. I was able to complete all but the last step of the instructions above. While running GMER Rootkit Scanner I experienced a system crash. The scanner ran for some odd 10 hours and had only progressed about half way through the "S" directories so I just let it run. After 13 hours I checked back on the progress and noticed that the computer had re-booted. I can include the error report if you would like but basically the log file said that the system had experience a "Stop (blue screen) error caused by a device or driver"... "You received this message because a hardware device, its driver, or related software has caused a stop error, also called a blue screen error. This type of error means the computer has shut down abruptly to protect itself from potential data corruption or loss. In this case, we were unable to detect the specific device or driver that caused the problem."

I will attempt to run the GMER Rootkit Scanner again over night but in the mean time here is the DDS.scr scan results:

**************************************************************************************************
DDS.txt
**************************************************************************************************


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 8:08:04.75 on Sun 09/26/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.502 [GMT -6:00]

FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Sygate\SPF\smc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Documents and Settings\Owner\Local Settings\Application Data\Spoon\3.21.0.21\Spoon-Sandbox.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Downloads\Hijack This\Cleanup Files\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.cnet.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = localhost:8080
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\spoons~1.lnk - c:\documents and settings\owner\local settings\application data\spoon\3.21.0.21\Spoon-Sandbox-Native.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler\Fiddler.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 7652941984
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\9dfkvyqw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.cnet.com
FF - plugin: c:\documents and settings\owner\local settings\application data\spoon\3.21.0.21\npMozillaSpoonPlugin.dll
FF - plugin: c:\program files\java\jdk1.6.0_18\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2010-3-28 98984]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2010-09-25 22:04:18 0 d-----w- C:\Backups
2010-09-22 05:42:25 0 d-----w- C:\Cliff
2010-09-22 04:45:37 0 d-----w- c:\program files\Trend Micro
2010-09-20 07:16:48 0 d-----w- c:\program files\VideoLAN
2010-09-20 07:08:59 0 d-----w- C:\MIT Lectures
2010-09-11 20:30:45 0 d-----w- C:\Vehicles

==================== Find3M ====================

2008-11-07 11:07:11 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110720081108\index.dat

============= FINISH: 8:08:48.43 ===============


**************************************************************************************************
Attach.txt
**************************************************************************************************


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/20/2007 5:29:34 PM
System Uptime: 9/24/2010 9:18:29 AM (47 hours ago)

Motherboard: IBM | | IBM
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | WMT478/NWD | 2992/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 234 GiB total, 199.911 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP815: 6/28/2010 4:23:40 PM - System Checkpoint
RP816: 6/29/2010 5:06:09 PM - System Checkpoint
RP817: 6/30/2010 6:29:55 PM - System Checkpoint
RP818: 7/1/2010 7:09:47 PM - System Checkpoint
RP819: 7/2/2010 7:29:05 PM - System Checkpoint
RP820: 7/3/2010 7:53:07 PM - System Checkpoint
RP821: 7/4/2010 8:05:06 PM - System Checkpoint
RP822: 7/5/2010 9:05:04 PM - System Checkpoint
RP823: 7/6/2010 9:33:07 PM - System Checkpoint
RP824: 7/7/2010 9:41:06 PM - System Checkpoint
RP825: 7/8/2010 10:05:05 PM - System Checkpoint
RP826: 7/9/2010 11:03:39 PM - System Checkpoint
RP827: 7/10/2010 11:48:18 PM - System Checkpoint
RP828: 7/12/2010 1:00:19 AM - System Checkpoint
RP829: 7/13/2010 2:00:18 AM - System Checkpoint
RP830: 7/14/2010 3:12:20 AM - System Checkpoint
RP831: 7/15/2010 5:41:54 PM - System Checkpoint
RP832: 7/16/2010 5:48:03 PM - System Checkpoint
RP833: 7/17/2010 6:48:03 PM - System Checkpoint
RP834: 7/18/2010 7:59:31 PM - System Checkpoint
RP835: 7/19/2010 11:40:16 PM - System Checkpoint
RP836: 7/20/2010 11:52:01 PM - System Checkpoint
RP837: 7/21/2010 6:43:41 AM - Software Distribution Service 3.0
RP838: 7/22/2010 7:02:02 AM - System Checkpoint
RP839: 7/23/2010 7:07:06 AM - System Checkpoint
RP840: 7/24/2010 8:28:49 AM - System Checkpoint
RP841: 7/25/2010 8:57:37 AM - System Checkpoint
RP842: 7/26/2010 9:13:12 PM - System Checkpoint
RP843: 7/27/2010 10:42:18 PM - System Checkpoint
RP844: 7/28/2010 11:30:19 PM - System Checkpoint
RP845: 7/30/2010 1:58:45 AM - System Checkpoint
RP846: 7/31/2010 2:30:16 AM - System Checkpoint
RP847: 8/1/2010 5:41:45 AM - System Checkpoint
RP848: 8/2/2010 5:54:20 AM - System Checkpoint
RP849: 8/3/2010 6:06:18 AM - System Checkpoint
RP850: 8/4/2010 6:55:43 AM - System Checkpoint
RP851: 8/5/2010 7:48:49 AM - System Checkpoint
RP852: 8/6/2010 9:16:15 AM - System Checkpoint
RP853: 8/7/2010 9:47:08 AM - System Checkpoint
RP854: 8/8/2010 10:06:17 AM - System Checkpoint
RP855: 8/9/2010 11:40:23 AM - System Checkpoint
RP856: 8/10/2010 2:23:45 AM - Software Distribution Service 3.0
RP857: 8/11/2010 2:56:46 AM - System Checkpoint
RP858: 8/12/2010 3:21:59 AM - System Checkpoint
RP859: 8/13/2010 4:34:38 AM - System Checkpoint
RP860: 8/14/2010 4:46:34 AM - System Checkpoint
RP861: 8/15/2010 5:34:38 AM - System Checkpoint
RP862: 8/16/2010 5:47:10 AM - System Checkpoint
RP863: 8/17/2010 6:46:35 AM - System Checkpoint
RP864: 8/18/2010 7:10:35 AM - System Checkpoint
RP865: 8/19/2010 7:22:35 AM - System Checkpoint
RP866: 8/20/2010 8:07:15 AM - System Checkpoint
RP867: 8/21/2010 9:22:36 AM - System Checkpoint
RP868: 8/22/2010 9:34:35 AM - System Checkpoint
RP869: 8/23/2010 9:47:40 AM - System Checkpoint
RP870: 8/24/2010 10:14:15 AM - System Checkpoint
RP871: 8/25/2010 10:50:35 AM - System Checkpoint
RP872: 8/26/2010 11:46:36 AM - System Checkpoint
RP873: 8/27/2010 11:58:35 AM - System Checkpoint
RP874: 8/28/2010 12:34:38 PM - System Checkpoint
RP875: 8/29/2010 12:58:36 PM - System Checkpoint
RP876: 8/30/2010 1:12:33 PM - System Checkpoint
RP877: 8/31/2010 2:32:42 PM - System Checkpoint
RP878: 9/1/2010 3:20:42 PM - System Checkpoint
RP879: 9/2/2010 4:18:04 PM - System Checkpoint
RP880: 9/3/2010 4:57:44 PM - System Checkpoint
RP881: 9/4/2010 5:08:40 PM - System Checkpoint
RP882: 9/5/2010 5:44:45 PM - System Checkpoint
RP883: 9/6/2010 6:08:40 PM - System Checkpoint
RP884: 9/7/2010 7:56:13 PM - System Checkpoint
RP885: 9/8/2010 8:35:14 PM - System Checkpoint
RP886: 9/9/2010 9:14:01 PM - System Checkpoint
RP887: 9/10/2010 9:36:27 PM - System Checkpoint
RP888: 9/11/2010 10:00:25 PM - System Checkpoint
RP889: 9/12/2010 10:12:26 PM - System Checkpoint
RP890: 9/13/2010 11:00:25 PM - System Checkpoint
RP891: 9/15/2010 12:00:31 AM - System Checkpoint
RP892: 9/16/2010 12:12:28 AM - System Checkpoint
RP893: 9/17/2010 1:01:25 AM - System Checkpoint
RP894: 9/18/2010 2:12:26 AM - System Checkpoint
RP895: 9/19/2010 2:36:28 AM - System Checkpoint
RP896: 9/21/2010 4:02:46 AM - System Checkpoint
RP897: 9/22/2010 4:07:13 AM - System Checkpoint
RP898: 9/23/2010 4:18:57 AM - System Checkpoint
RP899: 9/24/2010 5:30:53 AM - System Checkpoint
RP900: 9/25/2010 10:38:10 AM - System Checkpoint
RP901: 9/25/2010 3:58:12 PM - Pre Malware Removal

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.4
AutoHotkey 1.0.47.04
CDBurnerXP Pro 3
Charles
ClamWin Free Antivirus 0.96.2.1
Critical Update for Windows Media Player 11 (KB959772)
Fiddler (remove only)
File Security Manager
Flash Domination
GIMPshop 2.2.8
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Connections Drivers
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 20
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 18
Java(TM) SE Development Kit 6 Update 7
Lexmark 2600 Series
Lexmark Fax Solutions
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard for Students and Teachers
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIRC
MLDownloader
Mozilla Firefox (3.5.10)
MSDN Library - Visual Studio 6.0a
MSXML 6.0 Parser (KB933579)
Notepad++
OpenOffice.org 3.2
Polipo 1.0.4.1
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Spoon Sandbox Manager 3.21
StockWiz 5.0
Sygate Personal Firewall
Tor 0.2.1.26
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URGE
Vidalia 0.2.9
VLC media player 1.1.4
WebEx
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

9/24/2010 9:19:06 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService service to connect.
9/24/2010 9:19:06 AM, error: Service Control Manager [7000] - The lxdnCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================
islandFevor
Active Member
 
Posts: 6
Joined: September 22nd, 2010, 10:38 pm

Re: Google Search Returns Limited and Often Unrelated Result

Unread postby jmw3 » September 27th, 2010, 12:46 am

Hi

Try running Gmer by booting your computer into Safe Mode & running it from there.

Could you also run the following (in Normal Mode):

Rootkit Unhooker
Download Rootkit Unhooker from Here & save it on your desktop.
  • Disable your security programs
  • Double click RKUnhookerLE.exe to run it
  • Click the Report tab, then click Scan
  • Check Drivers and Stealth Code, uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked then click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it such as your desktop then click Close
  • Copy/paste the entire contents of the report & post it in your next reply
Note - You may get the following warning - it is ok - just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Google Search Returns Limited and Often Unrelated Result

Unread postby islandFevor » September 29th, 2010, 7:30 am

Hi - thanks again for the help. Sorry about the delay on this - I ran into trouble because the GMER utility would hang even in safe mode. The problem was that I had a huge directory full of intraday stock quotes. I went ahead and deleted the data because I couldn't complete the requested tasks while it was there and I don't need it anymore. Just to give you an idea of how much data we're talking about, it took 10 hours just to delete the directory and then empty the trash can! I'll re-run the GMER utility and then the Rootkit Unhooker program and post when done. Thanks for your patience :-)
islandFevor
Active Member
 
Posts: 6
Joined: September 22nd, 2010, 10:38 pm

Re: Google Search Returns Limited and Often Unrelated Result

Unread postby jmw3 » September 29th, 2010, 8:01 am

No problem :)
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Google Search Returns Limited and Often Unrelated Result

Unread postby islandFevor » September 30th, 2010, 4:33 am

Hi - I finally was able to get the GMER scan utility to run without crashing! The application finished and said, "GMER hasn't found any system modification. The Report.txt file that was generated was blank.

Running the Rootkit Unhooker utility generated the following Report.txt file:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF063000 C:\WINDOWS\System32\ialmdd5.DLL 774144 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xF756E000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 724992 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF7419000 C:\WINDOWS\system32\drivers\smwdm.sys 614400 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF76DC000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xEE34B000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7357000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEE456000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEDE27000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xED73B000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF77FA000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xEDEA6000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF76AF000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xED2FD000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEE3BB000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF74E6000 C:\WINDOWS\system32\DRIVERS\e1000325.sys 167936 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 5.1 deserialized driver)
0xEE408000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF750F000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 159744 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
0xEE430000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xBF03E000 C:\WINDOWS\System32\ialmdev5.DLL 151552 bytes (Intel Corporation, Component GHAL Driver)
0xF73F5000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF7536000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF74AF000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEE3E6000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7792000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF77CA000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 122880 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7692000 Teefer.sys 118784 bytes (Sygate Technologies, Inc., Teefer Driver)
0xF7678000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF73DD000 C:\WINDOWS\system32\drivers\aeaudio.sys 98304 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)
0xF77B2000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xEE30B000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7769000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF73C6000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xED962000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF74D2000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF755A000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEE4AF000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7780000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF77E9000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF73B5000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xEE53A000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF78F9000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7AB9000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF78D9000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF78C9000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEDA4F000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7999000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7889000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF78A9000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF78E9000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7869000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7919000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7A79000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF78B9000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7859000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7909000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7849000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7979000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7939000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7879000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xEE54A000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7AA9000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7929000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7A69000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEDBAF000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7A49000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7A39000 C:\WINDOWS\system32\drivers\wpsdrvnt.sys 36864 bytes (Sygate Technologies, Inc., wpsdrvnt)
0xF7BC1000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7C29000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7C39000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7BB9000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7BD9000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7C11000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7AC9000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7C49000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF7BC9000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7BD1000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7BB1000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7C19000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7C01000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7C21000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7AD1000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7BE9000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7BF1000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7BE1000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7B11000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF762F000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF7D2D000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEE203000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7D19000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7CF9000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF7C59000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF6652000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7D01000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF7D21000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7CD9000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xEE117000 C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys 12288 bytes (Sygate Technologies, Inc., wgxn)
0xEE113000 C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys 12288 bytes (Sygate Technologies, Inc., wgxn)
0xEE10F000 C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys 12288 bytes (Sygate Technologies, Inc., wgxn)
0xEE10B000 C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys 12288 bytes (Sygate Technologies, Inc., wgxn)
0xF7D91000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D9F000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7D8F000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D4D000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7D49000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7D93000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7D97000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7D95000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7D81000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7D83000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D4B000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7F6A000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7F1C000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7E22000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7E11000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x03E60000 Hidden Image-->app4r.monitor.common.dll [ EPROCESS 0x86B545E0 ] PID: 1976, 36864 bytes
0x03FD0000 Hidden Image-->app4r.monitor.core.dll [ EPROCESS 0x86B545E0 ] PID: 1976, 45056 bytes
0x04020000 Hidden Image-->app4r.devmons.mcmdevmon.dll [ EPROCESS 0x86B545E0 ] PID: 1976, 69632 bytes
islandFevor
Active Member
 
Posts: 6
Joined: September 22nd, 2010, 10:38 pm

Re: Google Search Returns Limited and Often Unrelated Result

Unread postby jmw3 » September 30th, 2010, 11:26 am

Hi

Tor 0.2.1.26 - If your using this I would assume you would also be aware of Freenet? I believe they basically work the same way, do they not?

TFC (Temp File Cleaner)
Download TFC (Temp File Cleaner) by Old Timer Here & save it to your desktop.
  • Save any unsaved work. TFC Cleaner will close all open application windows
  • Double-click TFC.exe to run the program, your desktop will temporarily disappear
  • If prompted, click Yes to reboot
Note: Save your work.. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on ComboFix.exe & follow the prompts
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
Update on how the computer is running
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Google Search Returns Limited and Often Unrelated Result

Unread postby islandFevor » October 3rd, 2010, 6:32 pm

Hello. This is working much better now. Thank you! The ComboFix log is below. I haven't heard of Freenet before but it looks great - I'll give it a try. Thank you again!

ComboFix 10-09-30.03 - Owner 10/01/2010 6:40.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.621 [GMT -6:00]
Running from: c:\downloads\Hijack This\Cleanup Files\ComboFix.exe
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((( Files Created from 2010-09-01 to 2010-10-01 )))))))))))))))))))))))))))))))
.

2010-09-25 22:04 . 2010-09-25 22:08 -------- d-----w- C:\Backups
2010-09-22 05:42 . 2010-09-22 05:42 -------- d-----w- C:\Cliff
2010-09-22 04:45 . 2010-09-22 04:45 -------- d-----w- c:\program files\Trend Micro
2010-09-20 07:25 . 2010-09-20 08:22 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2010-09-20 07:16 . 2010-09-20 07:16 -------- d-----w- c:\program files\VideoLAN
2010-09-20 07:08 . 2010-09-20 07:09 -------- d-----w- C:\MIT Lectures
2010-09-11 20:30 . 2010-09-11 20:30 -------- d-----w- C:\Vehicles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-01 12:38 . 2010-06-27 10:15 -------- d-----w- c:\documents and settings\Owner\Application Data\Tor
2010-09-30 07:59 . 2010-06-27 10:15 -------- d-----w- c:\documents and settings\Owner\Application Data\Vidalia
2010-09-03 04:46 . 2010-06-09 00:55 -------- d-----w- c:\program files\Domination
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 10:26 . 2010-06-08 00:01 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-10 14:59 . 2008-08-12 08:51 -------- d-----w- c:\program files\Notepad++
2010-07-22 15:49 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-15 21:34 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-09 17:10 . 2007-08-20 23:37 26920 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-07 19:52 . 2007-10-04 17:07 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-05-07 19:52 . 2007-10-04 17:07 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-05-07 19:52 . 2009-05-07 19:52 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-05-07 19:52 . 2009-05-07 19:52 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2010-08-19 86016]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2010-05-25 5475403]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-01 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-01 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2007-12-17 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2007-12-17 16040]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-12-17 320168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-16 2577632]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
Spoon Sandbox Manager 3.21.lnk - c:\documents and settings\Owner\Local Settings\Application Data\Spoon\3.21.0.22\Spoon-Sandbox-Native.exe [2010-9-29 268536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-09-26 17:02 2356088 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\launch4j-tmp\\Charles.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnwbgw.exe"=

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [3/28/2010 9:35 AM 98984]
.
Contents of the 'Scheduled Tasks' folder

2010-02-21 c:\windows\Tasks\MLDownloader.job
- c:\program files\MLDownloader\MLDownloader.exe [2008-06-29 01:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnet.com/
uInternet Settings,ProxyServer = localhost:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\9dfkvyqw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.cnet.com
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Spoon\3.21.0.22\npMozillaSpoonPlugin.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-StockWiz - c:\stockw~1\Setup.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(744)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-01 06:46:27
ComboFix-quarantined-files.txt 2010-10-01 12:46

Pre-Run: 224,468,213,760 bytes free
Post-Run: 224,434,057,216 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 7D8D1404A82D761AE2FF74DB5BC0EB31
islandFevor
Active Member
 
Posts: 6
Joined: September 22nd, 2010, 10:38 pm

Re: Google Search Returns Limited and Often Unrelated Result

Unread postby Wingman » October 6th, 2010, 9:32 am

Hello islandFevor,

Sorry for the delay getting back to your log. jmw3 has been unavoidably pulled away on another matter.
I will be assisting you. :) Please give me a little time to review the latest logs and I'll get back to you as soon as possible.

Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 12419
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Google Search Returns Limited and Often Unrelated Result

Unread postby Wingman » October 6th, 2010, 3:54 pm

Hello islandFevor,

The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
ERUNT - Emergency Recovery Utility NT
If you already have this program installed, please proceed to the Run: portion of these instructions.
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.
ERUNT utility program
Download:

  1. Please download ERUNT...by Lars Hederer. Save it to your desktop.
  2. Double-click erunt-setup-exe to run the install process. Install ERUNT by following the prompts.
  3. Use the default install settings...
  4. Make sure the first two check boxes -> (Create ERUNT and NTREGOPT desktop icons) are checked.
    Say "NO" if prompted or asked if you want to add ERUNT to the Start-Up folder. You can enable this later.
  5. Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is fine.
  6. Click on OK ... then click on "YES" to create the folder.
Run:
This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
Malwarebytes' Anti-Malware
Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
Please download Malwarebytes Anti-Malware and save it to your desktop. If needed...Tutorial w/screenshots
Alternate download sites available here or here.
  1. Make sure you are connected to the Internet.
  2. Double-click on mbam-setup.exe to install the application.
  3. When the installation begins, follow the prompts and do not make any changes to default settings.
  4. When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware <<---Important!
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself.
    • Press the OK button to close that box and continue.
    • Problems downloading the updates? Manually download them from here and double-click on "mbam-rules.exe" to install.
On the Scanner tab:
  1. Make sure the "Perform Quick Scan" option is selected.
  2. Then click on the Scan button.
  3. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  4. Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  1. Click on the Show Results button to see a list of any malware that was found.
  2. Check all items except any items (if present) in the C:\System Volume Information folder... then click on Remove Selected.
    We will take care of the System Volume Information items later.
    When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  3. Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Step 3.
ESET NOD32 Online Scan
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then double click on it to install.

Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
** Make sure you are using an account that has Administrative privileges **
    Press the "ESET Online Scanner" button.
  1. Check the box next to "YES, I accept the Terms of Use."
  2. Click "Start"... a window will open... it may appear nothing is happening... please be patient.
  3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  4. Click "Start". Make sure that the options:
    • Remove found threats is UNCHECKED
    • Leave the "default" settings under Advanced as they are, if not set , please check:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  5. Click "Start"... ESET scanner will begin to download the virus signatures database.
    When the signatures have been downloaded, the scan will start automatically.
  6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
  7. Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  8. Copy and paste the contents of log.txt in your next reply.
Remember to enable your Anti-virus protection... before continuing!

Step 4.
RSIT (Random's System Information Tool)
Please download RSIT by random/random... save it to your desktop.
You need to be connected to the Internet, so RSIT can download HijackThis, if needed.
  1. Double click on RSIT.exe to run it... read the disclaimer... click on Continue.
  2. RSIT will start running. When done... 2 logs files...will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
    These log files can be found in the C:\RSIT folder
  3. Please post both... "log.txt" and "info.txt", file contents in your next reply.

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. MBAM scan results.
  3. ESET scan results
  4. RSIT log.txt and info.txt file contents.
  5. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 12419
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Google Search Returns Limited and Often Unrelated Result

Unread postby Wingman » October 9th, 2010, 7:48 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh DDS log, and wait for a new helper.
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 12419
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 39 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware