Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

IE and Google redirects and slowness


Re: IE and Google redirects and slowness

Post by booboo » July 12th, 2009, 12:16 am

The computer seems to be running OK. Here are the two logs.



ComboFix 09-07-09.08 - Mike 07/11/2009 20:55.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2039.1270 [GMT -7:00]
Running from: c:\users\Mike\Desktop\combofix.exe
Command switches used :: c:\users\Mike\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\uTorrent\
c:\program files\uTorrent\\uTorrent.exe
c:\users\Mike\AppData\Roaming\uTorrent

.
((((((((((((((((((((((((( Files Created from 2009-06-12 to 2009-07-12 )))))))))))))))))))))))))))))))
.

2009-07-12 04:04 . 2009-07-12 04:04 -------- d-----w- c:\users\The McNabs\AppData\Local\temp
2009-07-12 04:04 . 2009-07-12 04:04 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-07-11 02:57 . 2009-07-11 02:57 -------- d-----w- c:\program files\ESET
2009-07-11 02:55 . 2009-07-11 02:55 -------- d-----w- C:\Rooter$
2009-07-09 00:51 . 2009-07-12 04:04 -------- d-----w- c:\users\Mike\AppData\Local\temp
2009-07-09 00:17 . 2009-07-09 00:51 -------- d-s---w- C:\boobooCF
2009-07-08 04:46 . 2009-07-09 00:04 -------- d-----w- c:\programdata\SITEguard
2009-07-08 04:45 . 2009-07-09 00:05 -------- d-----w- c:\programdata\STOPzilla!
2009-07-08 04:45 . 2009-07-08 04:45 -------- d-----w- c:\program files\Common Files\iS3
2009-07-08 01:27 . 2009-07-08 01:27 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes
2009-07-08 01:27 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-08 01:27 . 2009-07-08 01:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-08 01:27 . 2009-07-08 01:27 -------- d-----w- c:\programdata\Malwarebytes
2009-07-08 01:27 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-07 02:20 . 2009-07-07 02:20 -------- d-----w- C:\MGADiagToolOutput
2009-07-07 02:18 . 2009-07-07 02:18 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-07-05 10:42 . 2009-07-05 08:09 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000360\maindata.sys
2009-07-03 11:07 . 2009-07-03 08:11 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000359\maindata.sys
2009-07-02 20:37 . 2009-07-02 20:37 -------- d-----w- c:\windows\Intuit
2009-07-01 10:06 . 2009-07-01 08:10 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000358\maindata.sys
2009-06-30 10:22 . 2009-06-30 08:09 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000357\maindata.sys
2009-06-28 10:01 . 2009-06-28 08:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000356\maindata.sys
2009-06-27 06:34 . 2009-06-27 06:34 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-26 09:55 . 2009-06-26 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000355\maindata.sys
2009-06-25 10:20 . 2009-06-25 08:05 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000354\maindata.sys
2009-06-23 10:06 . 2009-06-23 08:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000353\maindata.sys
2009-06-22 10:12 . 2009-06-22 08:01 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000352\maindata.sys
2009-06-19 10:08 . 2009-06-19 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000351\maindata.sys
2009-06-18 10:49 . 2009-06-18 08:09 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000350\maindata.sys
2009-06-16 10:22 . 2009-06-16 08:07 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000349\maindata.sys
2009-06-15 10:18 . 2009-06-15 08:07 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000348\maindata.sys
2009-06-13 04:27 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-13 04:27 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 04:04 . 2007-12-11 02:23 -------- d-----w- c:\program files\Weather Watcher
2009-07-12 03:42 . 2008-02-15 21:00 -------- d-----w- c:\users\Mike\AppData\Roaming\CoreFTP
2009-07-11 23:43 . 2009-02-26 15:01 -------- d-----w- c:\users\Mike\AppData\Roaming\SolidDocuments
2009-07-11 19:11 . 2007-10-10 14:53 -------- d-----w- c:\programdata\Google Updater
2009-07-11 18:28 . 2009-06-20 17:50 25440 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-11 18:28 . 2009-06-20 17:50 2353480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-09 00:59 . 2009-05-21 19:54 -------- d-----w- c:\program files\GE Security Supra
2009-07-06 17:52 . 2009-06-20 17:50 1630560 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-04 15:33 . 2007-10-08 21:09 75280 ----a-w- c:\users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-04 15:30 . 2009-02-26 18:28 -------- d-----w- c:\programdata\WebEx
2009-07-03 01:20 . 2009-04-11 20:43 -------- d-----w- c:\program files\Softomate
2009-07-03 01:19 . 2008-08-02 01:10 -------- d-----w- c:\programdata\Droppix
2009-07-03 01:08 . 2007-10-08 22:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 23:26 . 2009-05-08 15:51 34 ----a-w- c:\users\Mike\jagex_runescape_preferences.dat
2009-07-02 20:43 . 2007-10-16 00:41 -------- d-----w- c:\program files\Quark
2009-07-02 20:36 . 2008-02-04 20:33 -------- d-----w- c:\program files\Common Files\Intuit
2009-07-02 20:30 . 2008-03-18 23:35 -------- d-----w- c:\program files\Transaction Viewer
2009-07-02 20:29 . 2009-02-06 04:28 -------- d-----w- c:\program files\Scan2Email
2009-07-02 20:24 . 2007-11-07 15:32 -------- d-----w- c:\program files\phelios
2009-07-02 20:05 . 2007-10-11 00:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-17 00:22 . 2009-06-17 00:22 2678 ----a-w- c:\windows\Java\Packages\Data\GJ53RNFF.DAT
2009-06-17 00:21 . 2009-06-17 00:21 2678 ----a-w- c:\windows\Java\Packages\Data\8OGIG5N9.DAT
2009-06-17 00:21 . 2009-06-17 00:21 2678 ----a-w- c:\windows\Java\Packages\Data\13RFTV5V.DAT
2009-06-17 00:21 . 2009-06-17 00:21 2678 ----a-w- c:\windows\Java\Packages\Data\0QQ2X31Z.DAT
2009-06-17 00:21 . 2009-06-17 00:21 2678 ----a-w- c:\windows\Java\Packages\Data\XFNB571R.DAT
2009-06-11 08:04 . 2009-06-11 11:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000347\maindata.sys
2009-06-09 08:09 . 2009-06-09 10:59 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000346\maindata.sys
2009-06-08 08:04 . 2009-06-08 10:49 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000345\maindata.sys
2009-06-07 08:04 . 2009-06-07 10:53 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000344\maindata.sys
2009-06-06 08:08 . 2009-06-06 10:41 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000343\maindata.sys
2009-06-04 08:02 . 2009-06-04 10:07 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000342\maindata.sys
2009-06-03 08:07 . 2009-06-03 10:56 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000341\maindata.sys
2009-06-01 17:51 . 2009-06-01 17:51 15688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-01 17:51 . 2009-02-07 18:00 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-01 08:05 . 2009-06-01 10:19 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000340\maindata.sys
2009-05-31 08:01 . 2009-05-31 10:05 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000339\maindata.sys
2009-05-29 08:01 . 2009-05-29 09:59 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000338\maindata.sys
2009-05-28 08:01 . 2009-05-28 10:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000337\maindata.sys
2009-05-26 08:03 . 2009-05-26 10:56 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000336\maindata.sys
2009-05-25 08:06 . 2009-05-25 10:32 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000335\maindata.sys
2009-05-23 08:01 . 2009-05-23 10:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000334\maindata.sys
2009-05-22 08:01 . 2009-05-22 10:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000333\maindata.sys
2009-05-21 20:00 . 2009-05-21 20:00 159744 ----a-w- c:\windows\system32\libssl32.dll
2009-05-21 19:58 . 2009-05-21 19:58 -------- d-----w- c:\program files\SiLabs
2009-05-20 08:02 . 2009-05-20 10:09 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000332\maindata.sys
2009-05-19 08:04 . 2009-05-19 10:08 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000331\maindata.sys
2009-05-17 08:03 . 2009-05-17 10:11 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000330\maindata.sys
2009-05-16 11:17 . 2009-05-16 11:17 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-16 08:06 . 2009-05-16 10:12 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000329\maindata.sys
2009-05-15 15:07 . 2009-05-15 15:07 -------- d-----w- c:\users\Mike\AppData\Roaming\j2 Global
2009-05-15 15:06 . 2009-05-15 15:04 -------- d-----w- c:\program files\eFax Messenger 4.4
2009-05-15 15:06 . 2009-05-15 15:06 -------- d-----w- c:\users\Mike\AppData\Roaming\eFax Messenger
2009-05-15 15:06 . 2009-05-15 15:06 -------- d-----w- c:\programdata\eFax Messenger 4.4 Output
2009-05-15 15:06 . 2009-05-15 15:06 -------- d-----w- c:\programdata\eFax Messenger 4.4 Setup
2009-05-13 10:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-13 08:01 . 2009-05-13 09:45 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000328\maindata.sys
2009-05-12 08:03 . 2009-05-12 10:33 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000327\maindata.sys
2009-05-10 08:01 . 2009-05-10 09:47 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000326\maindata.sys
2009-05-09 08:07 . 2009-05-09 10:01 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000325\maindata.sys
2009-05-09 05:50 . 2009-06-11 21:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-11 21:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-08 08:05 . 2009-05-08 09:51 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000324\maindata.sys
2009-05-06 08:03 . 2009-05-06 09:45 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000323\maindata.sys
2009-05-05 08:05 . 2009-05-05 09:53 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000322\maindata.sys
2009-04-28 08:02 . 2009-04-28 10:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000321\maindata.sys
2009-04-27 08:03 . 2009-04-27 10:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000320\maindata.sys
2009-04-25 17:50 . 2009-04-25 17:51 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-25 17:50 . 2009-04-25 17:50 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-25 08:05 . 2009-04-25 10:09 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000319\maindata.sys
2009-04-24 08:06 . 2009-04-24 10:21 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000318\maindata.sys
2009-04-23 12:43 . 2009-06-11 21:18 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 21:18 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-22 08:02 . 2009-04-22 10:08 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000317\maindata.sys
2009-04-21 11:55 . 2009-06-11 21:18 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-21 08:03 . 2009-04-21 10:13 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000316\maindata.sys
2009-04-19 08:03 . 2009-04-19 09:59 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000315\maindata.sys
2009-04-18 08:01 . 2009-04-18 09:51 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000314\maindata.sys
2009-04-17 08:05 . 2009-04-17 10:24 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000313\maindata.sys
2009-04-16 08:04 . 2009-04-16 09:57 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000312\maindata.sys
2009-04-15 08:03 . 2009-04-15 10:00 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000311\maindata.sys
2009-04-14 08:02 . 2009-04-14 09:52 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000310\maindata.sys
2009-04-13 08:01 . 2009-04-13 09:54 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000309\maindata.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-07-09_00.48.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-08 21:43 . 2009-07-09 01:01 47830 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-09 01:01 51458 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-10-08 21:10 . 2009-07-09 01:01 12230 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1304129043-3560768821-2314269622-1000_UserData.bin
- 2006-11-02 13:02 . 2009-07-09 00:28 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-07-12 03:59 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-07-12 03:59 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2009-07-09 00:28 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-02-27 16:15 . 2007-02-27 16:15 86016 c:\windows\Downloaded Program Files\FNISPrintControl.DLL
- 2009-07-09 00:28 . 2009-07-09 00:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-09 00:59 . 2009-07-09 00:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-09 00:59 . 2009-07-09 00:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-09 00:28 . 2009-07-09 00:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-29 16:02 . 2009-07-12 03:59 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-05-29 16:02 . 2009-07-09 00:28 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2006-11-02 13:02 . 2009-07-09 00:28 409600 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-07-12 03:59 409600 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherWatcher"="c:\program files\Weather Watcher\ww.exe" [2007-09-24 1024000]
"HeavyWeatherPublisher"="c:\heavyweather\HeavyWeatherPublisher.exe" [2004-02-23 1302528]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-12-18 622592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-11 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-01 520024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]

c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
heavy weather.lnk - c:\heavyweather\heavy weather.exe [2008-5-29 781312]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-10-16 267520]
DisplayKEY eSYNC Info.lnk - c:\program files\GE Security Supra\SyncInfoApp.exe [2009-5-21 102400]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-25 66864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1304129043-3560768821-2314269622-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EF30177E-832C-4FDC-BC0B-BC600980AD93}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{ACDE4EBC-2BFD-4F07-A787-4AD9F2DCD6ED}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"TCP Query User{06382373-B64E-4273-9A70-EE238908FC7F}c:\\heavyweather\\heavyweatherpublisher.exe"= UDP:c:\heavyweather\heavyweatherpublisher.exe:HeavyWeatherPublisher
"UDP Query User{D36987B9-453F-42E3-8418-A0D958E4ADFA}c:\\heavyweather\\heavyweatherpublisher.exe"= TCP:c:\heavyweather\heavyweatherpublisher.exe:HeavyWeatherPublisher
"{95A2EB96-0EA2-41E6-9EEB-30B1B89CEFB9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{B88C1CED-D3D3-4375-9ABA-8F788E7BFA85}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{FCD8F623-A087-4669-A53B-F32FDF4FF627}c:\\windows\\system32\\ftp.exe"= UDP:c:\windows\system32\ftp.exe:File Transfer Program
"UDP Query User{169C5D8E-BCC9-4515-8FC0-A5404FF608F8}c:\\windows\\system32\\ftp.exe"= TCP:c:\windows\system32\ftp.exe:File Transfer Program
"{012F66A6-BA01-4529-81E4-DD53DDA8580D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A1908D85-57A5-4ECC-BC58-4AF0416FB4D6}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6F15B34C-CE3D-486E-B0C3-5D6E98DC5521}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{16FBAFA9-5E2A-4FE6-95F8-7F705CF707F5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{3664C764-F9A6-495E-A5EF-6608A8E160D3}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{631700FC-4863-4986-B7D0-F0D980218F4E}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6BD418A9-B6D8-4998-82A0-1A4DFE10F393}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{21F3024E-E12C-4EED-A0B1-68226AD0622E}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6DA64838-F3B8-4B49-9667-C93C051B8893}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3F3273D3-45E2-4A0F-8F44-4F3FE11289E3}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [4/25/2009 10:51 AM 64160]
R2 CSHelper;CopySafe Helper Service;c:\windows\System32\CSHelper.exe [3/15/2009 6:58 PM 192512]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [11/4/2007 11:31 AM 1153368]
R2 SPDFCreatorPlusReadSpool;SolidPDFPlusCreatorReadSpool;c:\windows\Installer\MSIF8BC.tmp [2/26/2009 8:00 AM 189696]
R2 SPDFToolsReadSpool;SolidPDFToolsCreatorReadSpool;c:\windows\Installer\MSIEE5E.tmp [2/26/2009 8:18 AM 189696]
S2 gupdate1c9bca6f4ea33cd;Google Update Service (gupdate1c9bca6f4ea33cd);c:\program files\Google\Update\GoogleUpdate.exe [4/13/2009 7:16 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 2:34 PM 1029456]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-07-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 05:47]

2009-07-11 c:\windows\Tasks\GBM - Backup Job-Full.job
- c:\program files\Genie-Soft\GBMHome8\GBM8.exe [2007-10-08 12:28]

2009-07-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-10 06:07]

2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 02:15]

2009-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 02:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: fnismls.com
Trusted Zone: superior-host.com
TCP: {30BBADAE-3AF0-48DB-BFFA-9AD645AF925A} = 208.67.220.220,208.67.222.222
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {0CE0F418-1010-442D-871C-3454827DD539} - hxxp://facefun.com/FaceFun_webinstall/FaceFun.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - hxxp://download.copysafe.net/plugins5/i ... pysafe.cab
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://pro.realquest.com/mapviewer/mapviewer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 21:04
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SPDFCreatorPlusReadSpool]
"ImagePath"="c:\windows\Installer\MSIF8BC.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SPDFToolsReadSpool]
"ImagePath"="c:\windows\Installer\MSIEE5E.tmp"
.
Completion time: 2009-07-12 21:08
ComboFix-quarantined-files.txt 2009-07-12 04:08
ComboFix2.txt 2009-07-09 00:51
ComboFix3.txt 2009-01-20 23:56

Pre-Run: 63,835,328,512 bytes free
Post-Run: 63,860,453,376 bytes free

577 --- E O F --- 2009-07-09 23:05




ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.5886
# api_version=3.0.2
# EOSSerial=229919dd5f062e4aac4bf693c7c874d1
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-07-11 05:26:51
# local_time=2009-07-10 10:26:51 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5889 61 66 100 465616931725047
# scanned=343980
# found=6
# cleaned=6
# scan_time=8739
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\MSIVXvuchpbbghnqprgdoapxxpikchbxfytpv.dll.vir a variant of Win32/Kryptik.UX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\MSIVXxneyeaxxtdcpieqvibmnyvfeoxmrcyvg.dll.vir Win32/Agent.PRM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\senekawppoicro.dll.vir a variant of Win32/Kryptik.FX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\senekaxdqewxri.dll.vir a variant of Win32/Adware.Virtumonde.NCB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\drivers\senekanusinvjf.sys.vir a variant of Win32/Kryptik.UZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
booboo
Active Member
 
Posts: 10
Joined: July 2nd, 2009, 2:54 pm
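The ESET log in the post above reports six finds, and every one of them sits under a quarantine folder (ComboFix's C:\Qoobox\Quarantine or Spybot's Recovery folder) rather than in a live system location, which is the check a helper makes before calling the machine clean. The parser below is added here as an example and is not code from the thread or from ESET. It reads an ESET Online Scanner log in the format shown above, separates the `# key=value` header from the detection lines, flags any detection whose path lies outside a known quarantine folder, and cross-checks the `found` counter against the number of lines parsed. The sample log lines are copied from the post; the Malwarebytes quarantine path and the single "live" detection line are constructed for illustration.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Folders holding copies already pulled out of the running system. ComboFix's
# Qoobox and Spybot's Recovery folder appear in the log above; the Malwarebytes
# entry is an assumed example of another tool's quarantine.
QUARANTINE_DIRS = (
    "\\qoobox\\quarantine\\",
    "\\spybot - search & destroy\\recovery\\",
    "\\malwarebytes' anti-malware\\quarantine\\",
)


class Detection(NamedTuple):
    path: str
    threat: str
    action: str
    digest: str
    flag: str

    @property
    def quarantined(self) -> bool:
        """True when the hit is a stored copy, not a file the OS could still load."""
        lowered = self.path.lower()
        return any(folder in lowered for folder in QUARANTINE_DIRS)


# One detection line: <path> <threat> (<action>) <32-hex digest> <flag>.
# The path may contain spaces, so it is delimited by the threat name, which
# always carries a platform prefix such as Win32/ and optional qualifiers.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<threat>(?:probably )?(?:a variant of )?[A-Za-z0-9_]+/\S+(?: [a-z]+)*) "
    r"\((?P<action>[^()]*)\) "
    r"(?P<digest>[0-9A-Fa-f]{32}) "
    r"(?P<flag>\S+)$"
)


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Detection]]:
    """Split an ESET Online Scanner log into its '# key=value' header and detections."""
    header: Dict[str, str] = {}
    detections: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition("=")
            header[key.strip()] = value.strip()
            continue
        match = LINE_RE.match(line)
        if match:  # banner lines that are neither header nor detection are ignored
            detections.append(Detection(**match.groupdict()))
    return header, detections


def triage(text: str) -> Dict[str, object]:
    """Classify detections and cross-check them against the header counters."""
    header, detections = parse_eset_log(text)
    found = int(header.get("found", len(detections)))
    return {
        "found": found,
        "cleaned": int(header.get("cleaned", 0)),
        "parsed": len(detections),
        "consistent": found == len(detections),
        "live": [d for d in detections if not d.quarantined],
        "quarantined": [d for d in detections if d.quarantined],
    }


# Header and detection lines copied from the ESET log in the post above.
SAMPLE_LOG = r"""
# version=6
# found=6
# cleaned=6
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\MSIVXvuchpbbghnqprgdoapxxpikchbxfytpv.dll.vir a variant of Win32/Kryptik.UX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\MSIVXxneyeaxxtdcpieqvibmnyvfeoxmrcyvg.dll.vir Win32/Agent.PRM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\senekawppoicro.dll.vir a variant of Win32/Kryptik.FX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\senekaxdqewxri.dll.vir a variant of Win32/Adware.Virtumonde.NCB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\drivers\senekanusinvjf.sys.vir a variant of Win32/Kryptik.UZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# Constructed for illustration only: a detection on a file still in place.
CONSTRUCTED_LIVE_LINE = (
    r"C:\Windows\System32\senekaexample.dll a variant of Win32/Kryptik.FX trojan "
    r"(unable to clean) 00000000000000000000000000000000 C"
)

if __name__ == "__main__":
    report = triage(SAMPLE_LOG + CONSTRUCTED_LIVE_LINE + "\n")
    for d in report["live"]:
        print("STILL LIVE:", d.path, "->", d.threat)
    print(f"{report['parsed']} parsed, header found={report['found']}, "
          f"cleaned={report['cleaned']}, consistent={report['consistent']}")
```

Run against the posted log alone, `live` is empty and `consistent` is true; appending the constructed line shows how a hit outside quarantine and a header/detail mismatch would surface.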

Re: IE and Google redirects and slowness

Post by Jack&Jill » July 13th, 2009, 7:38 pm

Hello booboo,

Sorry for the delay. A few more things before we are done.

For Windows Vista, please right-click and select Run as administrator, instead of double-clicking, to run all the tools I ask you to, or they may not work properly.

Correct a registry key
  • Open Notepad. Copy and paste the following text into it:
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{95A2EB96-0EA2-41E6-9EEB-30B1B89CEFB9}"=-
    "{B88C1CED-D3D3-4375-9ABA-8F788E7BFA85}"=-
    
    
    Note: Copy exactly everything in the code box. Make sure there are no empty lines at the beginning, and that there is one empty line at the end of the code.
  • Save it as Fix.reg at the desktop. Make sure the Save as type: is All Files (*.*).
  • Double click on Fix.reg. When it asks you to merge the information to the registry, click Yes.

Your Adobe Reader is outdated. Older versions have security vulnerabilities that can be exploited.

You should download and install the free Adobe Reader 9 that comes with free online Acrobat.com beta.
It is important that you uninstall any previous versions by using Add/Remove programs in your control panel before installing a newer version.
  • Go to the Adobe download page. Click here.
  • If your OS is not the same as stated, click on Different language or operating system? link, or you can click Download if it is and jump to the last step below.
  • Choose an OS by clicking on Select an OS... box and change the language if you want by clicking English below Select a language title.
  • Press Continue.
  • Click the Download now button and save the file to a convenient location after selecting the latest version. Allow if prompted.
  • Run the downloaded file to continue with the installation.

Please post back a new HijackThis log.
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia
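ComboFix removed the uTorrent folder (see Other Deletions in the log above) but left the two Windows Firewall rules that still pointed at c:\program files\uTorrent\uTorrent.exe, which is why the fix above deletes exactly those two GUID-named values. The script below is added here as an example and is not part of the thread; it generalises that step by parsing the FirewallRules section as ComboFix prints it, keeping the rules whose program no longer exists, and emitting the same REGEDIT4 deletion file. The sample lines are copied from the log. The set of programs assumed still present is constructed for the demo; on the real machine you would pass `os.path.exists` instead. It reads ComboFix's rendering of the rules, not the raw registry values, which use a different `v2.x|Action=...|App=...|` layout.

```python
import re
from typing import Callable, Iterable, List, NamedTuple

# The key that holds Vista's per-rule firewall entries (the one the fix above edits).
FIREWALL_RULES_KEY = (
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sharedaccess"
    r"\parameters\firewallpolicy\FirewallRules"
)


class Rule(NamedTuple):
    name: str      # value name exactly as ComboFix prints it (already .reg-escaped)
    protocol: str  # TCP or UDP
    program: str   # path the rule was written for
    label: str     # display name stored with the rule


# ComboFix renders each rule as:  "<value name>"= <PROTO>:<program path>:<label>
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<proto>[A-Za-z]+):(?P<rest>.+)$')


def parse_rules(lines: Iterable[str]) -> List[Rule]:
    """Extract rule records from the FirewallRules section of a ComboFix log."""
    rules: List[Rule] = []
    for raw in lines:
        match = RULE_RE.match(raw.strip())
        if not match:
            continue  # section header, blank line, or a value from another key
        # The program path contains a drive-letter colon, so split the label off
        # at the last colon (assumes labels carry no colon of their own).
        program, _, label = match.group("rest").rpartition(":")
        rules.append(Rule(match.group("name"), match.group("proto").upper(), program, label))
    return rules


def orphaned_rules(rules: Iterable[Rule], program_exists: Callable[[str], bool]) -> List[Rule]:
    """Rules whose program is gone: after a cleanup they are stale at best."""
    return [r for r in rules if not program_exists(r.program)]


def reg_delete_script(rules: Iterable[Rule]) -> str:
    """REGEDIT4 text that removes the given values; '"name"=-' deletes a value.

    Ends with one blank line, as the instructions above require.
    """
    body = "\n".join(f'"{r.name}"=-' for r in rules)
    return f"REGEDIT4\n\n[{FIREWALL_RULES_KEY}]\n{body}\n\n"


# Lines copied from the FirewallRules section of the ComboFix log above.
SAMPLE_SECTION = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EF30177E-832C-4FDC-BC0B-BC600980AD93}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{ACDE4EBC-2BFD-4F07-A787-4AD9F2DCD6ED}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"TCP Query User{06382373-B64E-4273-9A70-EE238908FC7F}c:\\heavyweather\\heavyweatherpublisher.exe"= UDP:c:\heavyweather\heavyweatherpublisher.exe:HeavyWeatherPublisher
"{95A2EB96-0EA2-41E6-9EEB-30B1B89CEFB9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{B88C1CED-D3D3-4375-9ABA-8F788E7BFA85}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{FCD8F623-A087-4669-A53B-F32FDF4FF627}c:\\windows\\system32\\ftp.exe"= UDP:c:\windows\system32\ftp.exe:File Transfer Program
""".splitlines()

# Constructed for the demo: ComboFix's Other Deletions section shows the uTorrent
# folder was removed; the remaining programs are assumed to still be on disk.
STILL_PRESENT = {
    r"c:\program files\smartftp client\smartftp.exe",
    r"c:\heavyweather\heavyweatherpublisher.exe",
    r"c:\windows\system32\ftp.exe",
}


def demo_exists(path: str) -> bool:
    return path.lower() in STILL_PRESENT


def orphan_fix_for_sample() -> str:
    """The Fix.reg content derived from the sample section and the demo file set."""
    return reg_delete_script(orphaned_rules(parse_rules(SAMPLE_SECTION), demo_exists))


if __name__ == "__main__":
    # On the infected machine itself, pass os.path.exists in place of demo_exists.
    print(orphan_fix_for_sample(), end="")
```

The output for the sample is byte-for-byte the Fix.reg given in the post above. Keeping the value name verbatim from the log matters: ComboFix already prints the doubled backslashes that the .reg format needs inside value names such as the "TCP Query User{...}" entries.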

Re: IE and Google redirects and slowness

Post by Jack&Jill » July 16th, 2009, 7:40 pm

Hello booboo,

It has been 3 days since my last post. We have yet to complete all the malware removal steps to make your computer safer. Any problems following my instructions? Need more time?

According to Malware Removal's latest policy, topics can be closed after 3 days without a response. If I do not get any within the next 24 hours, this topic will be closed.
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: IE and Google redirects and slowness

Post by booboo » July 16th, 2009, 8:17 pm

All is good. Thanks for your help.
booboo
Active Member
 
Posts: 10
Joined: July 2nd, 2009, 2:54 pm

Re: IE and Google redirects and slowness

Post by Jack&Jill » July 16th, 2009, 8:25 pm

Hello booboo,

You are welcome, but we are not done. Please post a new HijackThis log.
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: IE and Google redirects and slowness

Post by NonSuch » July 20th, 2009, 5:23 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California