FireFox Google "goored"


  • This topic is locked
22 replies to this topic

#1 charlie12

Posted 19 January 2009 - 09:15 PM

When I search a subject on Google in Firefox, I get a results page that is normal; however, when I click on one of the results, often it takes me to a different website than the intended destination. The website will be related to the topic, but will not be the correct site as designated by the URL. If I go back and click on the original result it will usually go to the correct site. Sometimes it says "googlegoored" in the address bar or something to that effect while my browser is loading the unintended destination site.


DDS (Ver_09-01-18.01) - NTFSx86
Run by Infueden at 18:08:34.50 on Mon 01/19/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional

5.1.2600.3.1252.1.1033.18.1023.445 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common

Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Infueden\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
mSearch Page =
mStart Page = hxxp://www.yahoo.com/
mSearch Bar =

hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www

.yahoo.com/ext/search/search.html
uSearchURL,(Default) =

hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www

.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} -

c:\windows\system32\dla\tfswshx.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No File
BHO: CBrowserHelperObject Object:

{ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program

files\googleafe\GoogleAE.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} -

c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [MsnMsgr] "c:\program files\windows

live\messenger\MsnMsgr.Exe" /background
uRun: [MSFox] c:\docume~1\infueden\locals~1\temp\a.exe
uRun: [Messenger (Yahoo!)] "c:\program

files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Cognac] c:\docume~1\infueden\locals~1\temp\138.tmp.exe
mRun: [AudioDrvEmulator] "c:\program files\creative\shared

files\module loader\dllml.exe" -1 audiodrvemulator "c:\program

files\creative\shared files\module loader\audio

emulator\AudDrvEm.dll"
mRun: [type32] "c:\program files\microsoft intellitype

pro\type32.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE

c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISUSScheduler] "c:\program files\common

files\installshield\updateservice\issch.exe" -start
mRun: [IntelWireless] c:\program

files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [IntelliPoint] "c:\program files\microsoft

intellipoint\point32.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [EPSON Stylus C66 Series]

c:\windows\system32\spool\drivers\w32x86\3\E_S4I2S1.EXE /P23

"EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66"
mRun: [XeroxRegistation]

"c:\docume~1\infueden\locals~1\temp\xerox\ereg\EReg.exe" /Startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe"

-atboottime
mRun: [Qmemogazin] rundll32.exe "c:\windows\Ajigidoz.dat",e
mRun: [Ebajivumeged] rundll32.exe "c:\windows\iqivudam.dll",e
IE: &AOL Toolbar Search
IE: Google AdSense Preview Tool -

http://pagead2.googlesyndication.com/pagea...w/en/preview.ht

ml
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program

files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} -

c:\progra~1\mic273~1\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} -

{552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common

files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} -

c:\windows\system32\Shdocvw.dll
Trusted Zone: aol.com\free
Notify: IntelWireless - c:\program

files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll,

msnsspc.dll, msansspc.dll

================= FIREFOX ===================

FF - ProfilePath -

c:\docume~1\infueden\applic~1\mozilla\firefox\profiles\wzkgxbf4.d

efault\
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program

files\java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla

firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla

firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media

player\npViewpoint.dll
FF - HiddenExtension: XUL Cache:

{1E50A805-C4E8-49AF-9BE6-606914F1563C} - c:\documents and

settings\infueden\local settings\application

data\{1E50A805-C4E8-49AF-9BE6-606914F1563C}

============= SERVICES / DRIVERS ===============

R4 aawservice;Lavasoft Ad-Aware Service;c:\program

files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program

files\viewpoint\common\ViewpointService.exe [2007-12-18 24652]
S3 CTMSFSYN;Creative SoundFont

Synth;c:\windows\system32\drivers\CTMSFSYN.SYS [2005-1-30 159104]
S3 Pronaut_WBD;Pronaut WaveBridge Device

(WDM);c:\windows\system32\drivers\pnwbd.sys [2006-3-5 13440]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys

[2006-2-7 215708]
S3 US122DL;US122 Firmware

Downloader;c:\windows\system32\drivers\US122DL.sys [2006-2-7

17263]
S3 Us122WdmService;US122 Wdm

Audio;c:\windows\system32\drivers\US122Wdm.sys [2006-2-7 84092]
S4 McrdSvc;Media Center Extender

Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

=============== Created Last 30 ================

2009-01-19 17:23 <DIR> --d----- c:\program

files\Trend Micro
2009-01-18 19:53 54,156 a---h---

c:\windows\QTFont.qfn
2009-01-18 19:53 1,409 a-------

c:\windows\QTFont.for

==================== Find3M ====================

2009-01-19 15:10 38,758 ac------

c:\docume~1\infueden\applic~1\wklnhst.dat
2009-01-19 08:02 42,858 ac------

c:\windows\system32\nvModes.dat
2008-12-12 22:40 3,593,216 a-------

c:\windows\system32\dllcache\mshtml.dll
2008-12-11 02:57 333,952 a-------

c:\windows\system32\drivers\srv.sys
2008-12-11 02:57 333,952 --------

c:\windows\system32\dllcache\srv.sys
2008-12-04 08:32 40,960 a-------

c:\windows\Ajigidoz.dat
2008-11-18 16:10 253,952 a-------

c:\windows\iqivudam.dll
2008-11-18 15:04 253,952 a-------

c:\windows\etecerisu.dll
2008-11-18 13:58 253,952 a-------

c:\windows\ajoligizoy.dll
2008-11-18 12:52 253,952 a-------

c:\windows\oyikukakadikuji.dll
2008-11-18 11:46 253,952 a-------

c:\windows\egipacupodovuje.dll
2008-11-18 08:28 253,952 a-------

c:\windows\ezoqadunujan.dll
2008-11-18 07:22 253,952 a-------

c:\windows\eqapupiyecif.dll
2008-11-18 06:16 253,952 a-------

c:\windows\itatokesikomeje.dll
2008-11-18 05:10 253,952 a-------

c:\windows\etoruqaze.dll
2008-11-18 04:04 253,952 a-------

c:\windows\epanunevifohahur.dll
2008-11-18 02:58 253,952 a-------

c:\windows\aqekicilucip.dll
2008-11-18 01:52 253,952 a-------

c:\windows\ewugeqeluwenuqa.dll
2008-11-18 00:46 253,952 a-------

c:\windows\urudeneq.dll
2008-11-17 23:40 253,952 a-------

c:\windows\isojoqokaqojo.dll
2008-11-17 22:03 253,952 a-------

c:\windows\oqadecod.dll
2008-11-17 20:57 253,952 a-------

c:\windows\ecuqaguvi.dll
2008-11-17 19:51 253,952 a-------

c:\windows\odoyimax.dll
2008-11-17 18:45 253,952 a-------

c:\windows\afifalutih.dll
2008-11-17 17:39 253,952 a-------

c:\windows\aheqaxac.dll
2008-11-17 16:33 253,952 a-------

c:\windows\ocagodobuvogepu.dll
2008-11-17 15:27 253,952 a-------

c:\windows\enelixibug.dll
2008-11-17 14:21 253,952 a-------

c:\windows\ikozakax.dll
2008-11-17 11:03 253,952 a-------

c:\windows\ubeqodad.dll
2008-11-17 10:24 253,952 a-------

c:\windows\ikijazijulucasi.dll
2008-11-17 09:18 253,952 a-------

c:\windows\eseqazaqesu.dll
2008-11-17 08:12 253,952 a-------

c:\windows\amanifusiz.dll
2008-11-17 07:06 253,952 a-------

c:\windows\ofiqoziyijevu.dll
2008-11-17 04:54 253,952 a-------

c:\windows\ufatafuzacan.dll
2008-11-17 03:48 253,952 a-------

c:\windows\inonisix.dll
2008-11-17 01:36 253,952 a-------

c:\windows\adibezaxe.dll
2008-11-16 23:24 253,952 a-------

c:\windows\ejosaxup.dll
2008-11-16 22:18 253,952 a-------

c:\windows\ovixidigib.dll
2008-11-16 21:12 253,952 a-------

c:\windows\iroyifanivago.dll
2008-11-16 18:31 253,952 a-------

c:\windows\otobilob.dll
2008-11-16 17:25 253,952 a-------

c:\windows\omipeyeg.dll
2008-11-16 16:19 253,952 a-------

c:\windows\inacohof.dll
2008-11-16 15:13 253,952 a-------

c:\windows\omahohilofejin.dll
2008-11-16 13:01 253,952 a-------

c:\windows\anodiwox.dll
2008-11-16 11:55 253,952 a-------

c:\windows\avogamepixohay.dll
2008-11-16 10:52 18,432 a-------

c:\windows\system32\msansspc.dll
2008-11-16 10:49 253,952 a-------

c:\windows\acimevocogi.dll
2008-11-16 10:33 2,273 a-------

c:\windows\system32\TDSSlxwp.dll
2008-11-16 10:32 24,576 a-------

c:\windows\Vcuqobo.dll
2008-10-24 03:21 455,296 --------

c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 04:36 286,720 a-------

c:\windows\system32\gdi32.dll
2008-10-23 04:36 286,720 --------

c:\windows\system32\dllcache\gdi32.dll
2008-09-22 12:32 120,688 ac------

c:\docume~1\infueden\applic~1\GDIPFONTCACHEV1.DAT
2006-08-18 05:28 284 ac------

c:\docume~1\infueden\applic~1\ViewerApp.dat
2005-05-13 16:12 217,073 ac-shr--

c:\windows\meta4.exe
2006-02-28 09:35 56 -c-shr--

c:\windows\system32\3CF0168EFF.sys
2005-07-14 11:31 27,648 ac-shr--

c:\windows\system32\AVSredirect.dll
2005-06-26 14:32 616,448 ac-shr--

c:\windows\system32\cygwin1.dll
2005-06-21 21:37 45,568 ac-shr--

c:\windows\system32\cygz.dll
2006-05-03 01:06 163,328 -c-shr--

c:\windows\system32\flvDX.dll
2004-01-24 23:00 70,656 ac-shr--

c:\windows\system32\i420vfw.dll
2007-02-21 02:47 31,232 -c-shr--

c:\windows\system32\msfDX.dll
2005-02-28 12:16 240,128 ac-shr--

c:\windows\system32\x.264.exe
2004-01-24 23:00 70,656 ac-shr--

c:\windows\system32\yv12vfw.dll
2008-09-26 23:33 32,768 ac-sh---

c:\windows\system32\config\systemprofile\local

settings\history\history.ie5\mshist012008092720080928\index.dat

============= FINISH: 18:08:49.26 ===============


#2 Thunder

Posted 20 January 2009 - 04:50 AM

Hello Charlie12 and welcome to Bleeping Computer,

Please, make sure word wrap in Notepad is off: Format > "Word wrap" should be unchecked ...

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double-click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder

#3 charlie12

Posted 20 January 2009 - 01:11 PM

GooredFix v1.83 by jpshortstuff
Log created at 09:45 on 20/01/2009 running Option #2 (Infueden)
Firefox version 3.0.5 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{1E50A805-C4E8-49AF-9BE6-606914F1563C}"="C:\Documents and Settings\Infueden\Local Settings\Application Data\{1E50A805-C4E8-49AF-9BE6-606914F1563C}"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\Infueden\Local Settings\Application Data\{1E50A805-C4E8-49AF-9BE6-606914F1563C}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"


ComboFix 09-01-19.05 - Infueden 2009-01-20 10:01:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.569 [GMT -8:00]
Running from: c:\documents and settings\Infueden\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msansspc.dll
c:\windows\system32\TDSSkkbi.log
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSorvd.dat
c:\windows\system32\wpv4015.cpx

.
((((((((((((((((((((((((( Files Created from 2008-12-20 to 2009-01-20 )))))))))))))))))))))))))))))))
.

2009-01-19 17:23 . 2009-01-19 17:23 <DIR> d-------- c:\program files\Trend Micro
2009-01-18 19:53 . 2009-01-18 19:53 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-18 19:53 . 2009-01-18 19:53 1,409 --a------ c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 17:30 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-19 23:10 38,758 -c--a-w c:\documents and settings\Infueden\Application Data\wklnhst.dat
2009-01-15 02:29 --------- d--h--w c:\documents and settings\Infueden\Application Data\Move Networks
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 16:47 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-11-26 02:52 --------- d-----w c:\documents and settings\Infueden\Application Data\Steinberg
2008-11-26 02:50 --------- d-----w c:\program files\Steinberg
2008-11-26 01:57 --------- d-----w c:\program files\Yahoo!
2008-11-21 04:12 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2008-11-19 00:10 253,952 ----a-w c:\windows\iqivudam.dll
2008-11-18 23:04 253,952 ----a-w c:\windows\etecerisu.dll
2008-11-18 21:58 253,952 ----a-w c:\windows\ajoligizoy.dll
2008-11-18 20:52 253,952 ----a-w c:\windows\oyikukakadikuji.dll
2008-11-18 19:46 253,952 ----a-w c:\windows\egipacupodovuje.dll
2008-11-18 16:28 253,952 ----a-w c:\windows\ezoqadunujan.dll
2008-11-18 15:22 253,952 ----a-w c:\windows\eqapupiyecif.dll
2008-11-18 14:16 253,952 ----a-w c:\windows\itatokesikomeje.dll
2008-11-18 13:10 253,952 ----a-w c:\windows\etoruqaze.dll
2008-11-18 12:04 253,952 ----a-w c:\windows\epanunevifohahur.dll
2008-11-18 10:58 253,952 ----a-w c:\windows\aqekicilucip.dll
2008-11-18 09:52 253,952 ----a-w c:\windows\ewugeqeluwenuqa.dll
2008-11-18 08:46 253,952 ----a-w c:\windows\urudeneq.dll
2008-11-18 07:40 253,952 ----a-w c:\windows\isojoqokaqojo.dll
2008-11-18 06:03 253,952 ----a-w c:\windows\oqadecod.dll
2008-11-18 04:57 253,952 ----a-w c:\windows\ecuqaguvi.dll
2008-11-18 03:51 253,952 ----a-w c:\windows\odoyimax.dll
2008-11-18 02:45 253,952 ----a-w c:\windows\afifalutih.dll
2008-11-18 01:39 253,952 ----a-w c:\windows\aheqaxac.dll
2008-11-18 00:33 253,952 ----a-w c:\windows\ocagodobuvogepu.dll
2008-11-17 23:27 253,952 ----a-w c:\windows\enelixibug.dll
2008-11-17 22:21 253,952 ----a-w c:\windows\ikozakax.dll
2008-11-17 19:03 253,952 ----a-w c:\windows\ubeqodad.dll
2008-11-17 18:24 253,952 ----a-w c:\windows\ikijazijulucasi.dll
2008-11-17 17:18 253,952 ----a-w c:\windows\eseqazaqesu.dll
2008-11-17 16:12 253,952 ----a-w c:\windows\amanifusiz.dll
2008-11-17 15:06 253,952 ----a-w c:\windows\ofiqoziyijevu.dll
2008-11-17 12:54 253,952 ----a-w c:\windows\ufatafuzacan.dll
2008-11-17 11:48 253,952 ----a-w c:\windows\inonisix.dll
2008-11-17 09:36 253,952 ----a-w c:\windows\adibezaxe.dll
2008-11-17 07:24 253,952 ----a-w c:\windows\ejosaxup.dll
2008-11-17 06:18 253,952 ----a-w c:\windows\ovixidigib.dll
2008-11-17 05:12 253,952 ----a-w c:\windows\iroyifanivago.dll
2008-11-17 02:31 253,952 ----a-w c:\windows\otobilob.dll
2008-11-17 01:25 253,952 ----a-w c:\windows\omipeyeg.dll
2008-11-17 00:19 253,952 ----a-w c:\windows\inacohof.dll
2008-11-16 23:13 253,952 ----a-w c:\windows\omahohilofejin.dll
2008-11-16 21:01 253,952 ----a-w c:\windows\anodiwox.dll
2008-11-16 19:55 253,952 ----a-w c:\windows\avogamepixohay.dll
2008-11-16 18:49 253,952 ----a-w c:\windows\acimevocogi.dll
2008-11-16 18:32 24,576 ----a-w c:\windows\Vcuqobo.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-09-22 20:32 120,688 -c--a-w c:\documents and settings\Infueden\Application Data\GDIPFONTCACHEV1.DAT
2006-08-18 13:28 284 -c--a-w c:\documents and settings\Infueden\Application Data\ViewerApp.dat
2005-05-14 00:12 217,073 -csha-r c:\windows\meta4.exe
2006-02-28 17:35 56 -csh--r c:\windows\system32\3CF0168EFF.sys
2005-07-14 19:31 27,648 -csha-r c:\windows\system32\AVSredirect.dll
2005-06-26 22:32 616,448 -csha-r c:\windows\system32\cygwin1.dll
2005-06-22 05:37 45,568 -csha-r c:\windows\system32\cygz.dll
2006-05-03 09:06 163,328 -csh--r c:\windows\system32\flvDX.dll
2004-01-25 07:00 70,656 -csha-r c:\windows\system32\i420vfw.dll
2007-02-21 10:47 31,232 -csh--r c:\windows\system32\msfDX.dll
2005-02-28 20:16 240,128 -csha-r c:\windows\system32\x.264.exe
2004-01-25 07:00 70,656 -csha-r c:\windows\system32\yv12vfw.dll
2008-09-27 07:33 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092720080928\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"SetDefaultMIDI"="MIDIDef.exe" [2005-02-17 c:\windows\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-01-27 45056]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-08 7118848]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-05 127035]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"EPSON Stylus C66 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2S1.EXE" [2004-01-13 99840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"Qmemogazin"="c:\windows\Ajigidoz.dat" [2008-12-04 40960]
"Ebajivumeged"="c:\windows\iqivudam.dll" [2008-11-18 253952]
"nwiz"="nwiz.exe" [2005-09-08 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 14:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
-----c--- 2003-06-18 01:00 45056 c:\program files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFeatureModeUtility]
-----c--- 2005-01-10 10:52 81920 c:\program files\Creative\Sound Blaster Audigy 2\Feature Mode Utility\CTModUtl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
-----c--- 2003-09-17 10:43 57344 c:\program files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a--c--- 2007-09-18 06:16 171464 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2005-02-23 14:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2008-03-30 08:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-03-28 21:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-04-13 02:48 36975 c:\program files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a--c--- 2007-11-29 08:24 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2006-01-19 14:59 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra--c--- 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-11-05 20:59 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a--c--- 2005-02-17 07:23 14848 c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-12-18 24652]
S3 CTMSFSYN;Creative SoundFont Synth;c:\windows\system32\drivers\CTMSFSYN.SYS [2005-01-30 159104]
S3 Pronaut_WBD;Pronaut WaveBridge Device (WDM);c:\windows\system32\drivers\pnwbd.sys [2006-03-05 13440]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2006-02-07 215708]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [2006-02-07 17263]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [2006-02-07 84092]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-20 c:\windows\Tasks\User_Feed_Synchronization-{3450F342-D0D7-4511-9D0B-CABED4A7FF34}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
MSConfigStartUp-AOLSPScheduler - c:\program files\Common Files\AOL\1168378552\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
MSConfigStartUp-BearShare - c:\program files\BearShare\BearShare.exe
MSConfigStartUp-EmailScan - c:\program files\mcafee.com\antivirus\mcvsescn.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1168378552\ee\AOLSoftware.exe
MSConfigStartUp-OASClnt - c:\program files\mcafee.com\antivirus\oasclnt.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-sscRun - c:\program files\Common Files\AOL\1168378552\ee\SSCRun.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &AOL Toolbar Search
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagea...en/preview.html
Trusted Zone: free.aol.com
DPF: {E4DFABBD-F5F6-11D3-8421-0080C6F79C42} - hxxp://www.directxtras.com/speaksforitself/download/speechplugin.cab
FF - ProfilePath - c:\documents and settings\Infueden\Application Data\Mozilla\Firefox\Profiles\wzkgxbf4.default\
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 10:03:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-01-20 10:06:06
ComboFix-quarantined-files.txt 2009-01-20 18:05:03

Pre-Run: 2,718,244,864 bytes free
Post-Run: 2,939,113,472 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

245 --- E O F --- 2009-01-14 12:04:08

#4 Thunder

Posted 21 January 2009 - 05:46 AM

Hello Charlie12,

Let's clean up some more:

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:
Collect::
c:\windows\acimevocogi.dll
c:\windows\Vcuqobo.dll
File::
c:\windows\iqivudam.dll
c:\windows\etecerisu.dll
c:\windows\ajoligizoy.dll
c:\windows\oyikukakadikuji.dll
c:\windows\egipacupodovuje.dll
c:\windows\ezoqadunujan.dll
c:\windows\eqapupiyecif.dll
c:\windows\itatokesikomeje.dll
c:\windows\etoruqaze.dll
c:\windows\epanunevifohahur.dll
c:\windows\aqekicilucip.dll
c:\windows\ewugeqeluwenuqa.dll
c:\windows\urudeneq.dll
c:\windows\isojoqokaqojo.dll
c:\windows\oqadecod.dll
c:\windows\ecuqaguvi.dll
c:\windows\odoyimax.dll
c:\windows\afifalutih.dll
c:\windows\aheqaxac.dll
c:\windows\ocagodobuvogepu.dll
c:\windows\enelixibug.dll
c:\windows\ikozakax.dll
c:\windows\ubeqodad.dll
c:\windows\ikijazijulucasi.dll
c:\windows\eseqazaqesu.dll
c:\windows\amanifusiz.dll
c:\windows\ofiqoziyijevu.dll
c:\windows\ufatafuzacan.dll
c:\windows\inonisix.dll
c:\windows\adibezaxe.dll
c:\windows\ejosaxup.dll
c:\windows\ovixidigib.dll
c:\windows\iroyifanivago.dll
c:\windows\otobilob.dll
c:\windows\omipeyeg.dll
c:\windows\inacohof.dll
c:\windows\omahohilofejin.dll
c:\windows\anodiwox.dll
c:\windows\avogamepixohay.dll
c:\windows\Ajigidoz.dat
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Qmemogazin"=-
"Ebajivumeged"=-

Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. Upon reboot, (in case it asks to reboot), post the contents of the Combofix log in your next reply, as well as a fresh DDS log.

ComboFix will generate a zipped file, similar to C:\Qoobox\Quarantine\[9]Submit@Date_Time.zip.
Upon reboot, and if an active connection is available, it will attempt to automatically upload the malware sample for further investigation. Please allow this if one of your security programs pops up a warning.
In the event the upload fails, the sample can still be uploaded by double-clicking the C:\CF-Submit.htm file (opens a browser window) and clicking OK to start the upload. :thumbup2:

Still having problems ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#5 charlie12

Posted 21 January 2009 - 05:06 PM

ComboFix 09-01-19.05 - Infueden 2009-01-21 13:30:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.573 [GMT -8:00]
Running from: c:\documents and settings\Infueden\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Infueden\Desktop\CFScript
* Created a new restore point

FILE ::
c:\windows\adibezaxe.dll
c:\windows\afifalutih.dll
c:\windows\aheqaxac.dll
c:\windows\Ajigidoz.dat
c:\windows\ajoligizoy.dll
c:\windows\amanifusiz.dll
c:\windows\anodiwox.dll
c:\windows\aqekicilucip.dll
c:\windows\avogamepixohay.dll
c:\windows\ecuqaguvi.dll
c:\windows\egipacupodovuje.dll
c:\windows\ejosaxup.dll
c:\windows\enelixibug.dll
c:\windows\epanunevifohahur.dll
c:\windows\eqapupiyecif.dll
c:\windows\eseqazaqesu.dll
c:\windows\etecerisu.dll
c:\windows\etoruqaze.dll
c:\windows\ewugeqeluwenuqa.dll
c:\windows\ezoqadunujan.dll
c:\windows\ikijazijulucasi.dll
c:\windows\ikozakax.dll
c:\windows\inacohof.dll
c:\windows\inonisix.dll
c:\windows\iqivudam.dll
c:\windows\iroyifanivago.dll
c:\windows\isojoqokaqojo.dll
c:\windows\itatokesikomeje.dll
c:\windows\ocagodobuvogepu.dll
c:\windows\odoyimax.dll
c:\windows\ofiqoziyijevu.dll
c:\windows\omahohilofejin.dll
c:\windows\omipeyeg.dll
c:\windows\oqadecod.dll
c:\windows\otobilob.dll
c:\windows\ovixidigib.dll
c:\windows\oyikukakadikuji.dll
c:\windows\ubeqodad.dll
c:\windows\ufatafuzacan.dll
c:\windows\urudeneq.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\acimevocogi.dll
c:\windows\adibezaxe.dll
c:\windows\afifalutih.dll
c:\windows\aheqaxac.dll
c:\windows\Ajigidoz.dat
c:\windows\ajoligizoy.dll
c:\windows\amanifusiz.dll
c:\windows\anodiwox.dll
c:\windows\aqekicilucip.dll
c:\windows\avogamepixohay.dll
c:\windows\ecuqaguvi.dll
c:\windows\egipacupodovuje.dll
c:\windows\ejosaxup.dll
c:\windows\enelixibug.dll
c:\windows\epanunevifohahur.dll
c:\windows\eqapupiyecif.dll
c:\windows\eseqazaqesu.dll
c:\windows\etecerisu.dll
c:\windows\etoruqaze.dll
c:\windows\ewugeqeluwenuqa.dll
c:\windows\ezoqadunujan.dll
c:\windows\ikijazijulucasi.dll
c:\windows\ikozakax.dll
c:\windows\inacohof.dll
c:\windows\inonisix.dll
c:\windows\iqivudam.dll
c:\windows\iroyifanivago.dll
c:\windows\isojoqokaqojo.dll
c:\windows\itatokesikomeje.dll
c:\windows\ocagodobuvogepu.dll
c:\windows\odoyimax.dll
c:\windows\ofiqoziyijevu.dll
c:\windows\omahohilofejin.dll
c:\windows\omipeyeg.dll
c:\windows\oqadecod.dll
c:\windows\otobilob.dll
c:\windows\ovixidigib.dll
c:\windows\oyikukakadikuji.dll
c:\windows\ubeqodad.dll
c:\windows\ufatafuzacan.dll
c:\windows\urudeneq.dll
c:\windows\Vcuqobo.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
.

2009-01-19 17:23 . 2009-01-19 17:23 <DIR> d-------- c:\program files\Trend Micro
2009-01-18 19:53 . 2009-01-18 19:53 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-18 19:53 . 2009-01-18 19:53 1,409 --a------ c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 21:22 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-19 23:10 38,758 -c--a-w c:\documents and settings\Infueden\Application Data\wklnhst.dat
2009-01-15 02:29 --------- d--h--w c:\documents and settings\Infueden\Application Data\Move Networks
2008-12-12 16:47 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-26 02:52 --------- d-----w c:\documents and settings\Infueden\Application Data\Steinberg
2008-11-26 02:50 --------- d-----w c:\program files\Steinberg
2008-11-26 01:57 --------- d-----w c:\program files\Yahoo!
2008-11-21 04:12 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2008-09-22 20:32 120,688 -c--a-w c:\documents and settings\Infueden\Application Data\GDIPFONTCACHEV1.DAT
2006-08-18 13:28 284 -c--a-w c:\documents and settings\Infueden\Application Data\ViewerApp.dat
2005-05-14 00:12 217,073 -csha-r c:\windows\meta4.exe
2006-02-28 17:35 56 -csh--r c:\windows\system32\3CF0168EFF.sys
2005-07-14 19:31 27,648 -csha-r c:\windows\system32\AVSredirect.dll
2005-06-26 22:32 616,448 -csha-r c:\windows\system32\cygwin1.dll
2005-06-22 05:37 45,568 -csha-r c:\windows\system32\cygz.dll
2006-05-03 09:06 163,328 -csh--r c:\windows\system32\flvDX.dll
2004-01-25 07:00 70,656 -csha-r c:\windows\system32\i420vfw.dll
2007-02-21 10:47 31,232 -csh--r c:\windows\system32\msfDX.dll
2005-02-28 20:16 240,128 -csha-r c:\windows\system32\x.264.exe
2004-01-25 07:00 70,656 -csha-r c:\windows\system32\yv12vfw.dll
2008-09-27 07:33 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092720080928\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-20_10.03.33.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-20 17:30:20 42,858 -c--a-w c:\windows\system32\nvModes.dat
+ 2009-01-21 20:35:30 42,858 -c--a-w c:\windows\system32\nvModes.dat
+ 2009-01-21 21:36:30 16,384 ----atw c:\windows\temp\Perflib_Perfdata_8dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"SetDefaultMIDI"="MIDIDef.exe" [2005-02-17 c:\windows\MIDIDEF.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-01-27 45056]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-08 7118848]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-05 127035]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"EPSON Stylus C66 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2S1.EXE" [2004-01-13 99840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"nwiz"="nwiz.exe" [2005-09-08 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 14:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
-----c--- 2003-06-18 01:00 45056 c:\program files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFeatureModeUtility]
-----c--- 2005-01-10 10:52 81920 c:\program files\Creative\Sound Blaster Audigy 2\Feature Mode Utility\CTModUtl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
-----c--- 2003-09-17 10:43 57344 c:\program files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a--c--- 2007-09-18 06:16 171464 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2005-02-23 14:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2008-03-30 08:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-03-28 21:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-04-13 02:48 36975 c:\program files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a--c--- 2007-11-29 08:24 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2006-01-19 14:59 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra--c--- 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-11-05 20:59 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a--c--- 2005-02-17 07:23 14848 c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-12-18 24652]
S3 CTMSFSYN;Creative SoundFont Synth;c:\windows\system32\drivers\CTMSFSYN.SYS [2005-01-30 159104]
S3 Pronaut_WBD;Pronaut WaveBridge Device (WDM);c:\windows\system32\drivers\pnwbd.sys [2006-03-05 13440]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2006-02-07 215708]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [2006-02-07 17263]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [2006-02-07 84092]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-21 c:\windows\Tasks\User_Feed_Synchronization-{3450F342-D0D7-4511-9D0B-CABED4A7FF34}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &AOL Toolbar Search
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagea...en/preview.html
Trusted Zone: free.aol.com
DPF: {E4DFABBD-F5F6-11D3-8421-0080C6F79C42} - hxxp://www.directxtras.com/speaksforitself/download/speechplugin.cab
FF - ProfilePath - c:\documents and settings\Infueden\Application Data\Mozilla\Firefox\Profiles\wzkgxbf4.default\
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-21 13:36:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Apoint\ApntEx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-01-21 13:42:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-21 21:42:20
ComboFix2.txt 2009-01-20 18:06:07

Pre-Run: 3,000,717,312 bytes free
Post-Run: 2,958,266,368 bytes free

287 --- E O F --- 2009-01-14 12:04:08




DDS (Ver_09-01-18.01) - NTFSx86
Run by Infueden at 13:56:36.68 on Wed 01/21/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.603 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Infueden\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [EPSON Stylus C66 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2S1.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
IE: &AOL Toolbar Search
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagea...en/preview.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: aol.com\free
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\infueden\applic~1\mozilla\firefox\profiles\wzkgxbf4.default\
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {ECD8BC23-42BB-49C7-A63D-711E4930F924} - c:\documents and settings\infueden\local settings\application data\{ecd8bc23-42bb-49c7-a63d-711e4930f924}\

============= SERVICES / DRIVERS ===============

R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-18 24652]
S3 CTMSFSYN;Creative SoundFont Synth;c:\windows\system32\drivers\CTMSFSYN.SYS [2005-1-30 159104]
S3 Pronaut_WBD;Pronaut WaveBridge Device (WDM);c:\windows\system32\drivers\pnwbd.sys [2006-3-5 13440]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2006-2-7 215708]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [2006-2-7 17263]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [2006-2-7 84092]
S4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

=============== Created Last 30 ================

2009-01-20 10:00 <DIR> a-dshr-- C:\cmdcons
2009-01-20 09:54 161,792 a------- c:\windows\SWREG.exe
2009-01-20 09:54 98,816 a------- c:\windows\sed.exe
2009-01-19 17:23 <DIR> --d----- c:\program files\Trend Micro
2009-01-18 19:53 54,156 a---h--- c:\windows\QTFont.qfn
2009-01-18 19:53 1,409 a------- c:\windows\QTFont.for

==================== Find3M ====================

2009-01-21 12:35 42,858 ac------ c:\windows\system32\nvModes.dat
2009-01-19 15:10 38,758 ac------ c:\docume~1\infueden\applic~1\wklnhst.dat
2008-12-12 22:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 02:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 02:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-10-24 03:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-09-22 12:32 120,688 ac------ c:\docume~1\infueden\applic~1\GDIPFONTCACHEV1.DAT
2006-08-18 05:28 284 ac------ c:\docume~1\infueden\applic~1\ViewerApp.dat
2005-05-13 16:12 217,073 ac-shr-- c:\windows\meta4.exe
2006-02-28 09:35 56 -c-shr-- c:\windows\system32\3CF0168EFF.sys
2005-07-14 11:31 27,648 ac-shr-- c:\windows\system32\AVSredirect.dll
2005-06-26 14:32 616,448 ac-shr-- c:\windows\system32\cygwin1.dll
2005-06-21 21:37 45,568 ac-shr-- c:\windows\system32\cygz.dll
2006-05-03 01:06 163,328 -c-shr-- c:\windows\system32\flvDX.dll
2004-01-24 23:00 70,656 ac-shr-- c:\windows\system32\i420vfw.dll
2007-02-21 02:47 31,232 -c-shr-- c:\windows\system32\msfDX.dll
2005-02-28 12:16 240,128 ac-shr-- c:\windows\system32\x.264.exe
2004-01-24 23:00 70,656 ac-shr-- c:\windows\system32\yv12vfw.dll
2008-09-26 23:33 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092720080928\index.dat

============= FINISH: 13:56:51.23 ===============


I just checked and it is still getting redirected. I did a search for "music" and got a Google result for "music.com". I clicked it and it redirected me to citysearch.com. Then I looked in my history and it has a few different sites between the one it takes me to instead. The page is c.php with an IP address 64.111.220.234 as the address. c.enhance.com, t.websearchmaster.net, adservices10.enhance.com and ad4.doubleclicker.net are a few of the sites that show up between the click on the Google results page and the page they redirect me to, which is not the intended site.

Thank you for your help so far.

Edited by charlie12, 21 January 2009 - 05:23 PM.


#6 Thunder

Posted 22 January 2009 - 05:10 AM

Hello Charlie12,

I didn't receive any upload. Was it blocked somehow?
Another easy way to upload a sample file is:
Simply go to http://www.bleepingcomputer.com/submit-malware.php?channel=9
Then:
1. In the first window (Link to topic where this file was requested:) copy and paste this link: http://www.bleepingcomputer.com/forums/topic=195269
2. In the second window (Browse to the file you want to submit:) browse to the C:\Qoobox\Quarantine\[9]Submit@Date_Time.zip file
3. Click the Send file button :thumbup2:
Your JavaVM is also out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  • Click the Download button to the right of Java SE Runtime Environment (JRE) 6 Update 11 (first option).
  • Select your Platform (Windows version) and check the box that says: I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement
  • Click "Continue" and the page will refresh.
  • Click on the link to download Windows Offline Installation (jre-6u11-windows-i586-p.exe) and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
I see you have Viewpoint installed...
Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Greetings,
Thunder

#7 charlie12

Posted 22 January 2009 - 11:51 AM

I just uploaded the zip file. I didn't see anything that said it was blocked. I tried to upload it just in case, but couldn't find the C:\CF-Submit.htm file to click on.

Thanks so much! You're awesome.

Edited by charlie12, 22 January 2009 - 11:54 AM.


#8 charlie12

Posted 22 January 2009 - 12:00 PM

I was able to remove Viewpoint. Nothing happens when I click remove for the Viewpoint Toolbar. Viewpoint manager does not show up in my add/remove programs list.

The two Java 2 Runtime Environment and J2SE Runtime Environment show up in the add/remove programs list, but do not give me an option to remove them.

#9 Thunder

Posted 22 January 2009 - 12:55 PM

Hello Charlie12,

I got the upload. :thumbup2:

You can download the Java file and install it,
the older versions will be overwritten.

No more issues ?

Greetings,
Thunder

#10 charlie12

Posted 22 January 2009 - 04:03 PM

The redirect is still happening. I haven't seen google "goored" for a while though.

Yesterday, I did a search for "music" and got a google result for "music.com". I clicked it and it redirected me to citysearch.com. Then I looked in my history and it has a few different sites between the one it takes me to instead. The page is c.php with an IP address 64.111.220.234 as the address. A c.enhance.com, a t.websearchmaster.net, an adservices10.enhance.com and an ad4.doubleclicker.net are a few of the sites that show up between the click on the google results page and the page they redirect me to, which is not the intended site.

I did a different search today and it is still being hijacked.

#11 Thunder

Posted 22 January 2009 - 04:37 PM

Hello Charlie12,

I just noticed you still (or again) seem to have that Goored infection. :thumbup2:

That may have been due to an infection that was left too long behind, and regenerated.

Please run the GooredFix routine again,
and post the log, as well as a fresh DDS log.

Greetings,
Thunder

#12 charlie12

Posted 22 January 2009 - 05:11 PM

GooredFix v1.83 by jpshortstuff
Log created at 14:05 on 22/01/2009 running Option #2 (Infueden)
Firefox version 3.0.5 (en-US)
(Subsequent Run)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{ECD8BC23-42BB-49C7-A63D-711E4930F924}"="C:\Documents and Settings\Infueden\Local Settings\Application Data\{ECD8BC23-42BB-49C7-A63D-711E4930F924}\"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\Infueden\Local Settings\Application Data\{ECD8BC23-42BB-49C7-A63D-711E4930F924}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"





DDS (Ver_09-01-18.01) - NTFSx86
Run by Infueden at 14:06:54.31 on Thu 01/22/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.581 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Infueden\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [EPSON Stylus C66 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2S1.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: &AOL Toolbar Search
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagea...en/preview.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: aol.com\free
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\infueden\applic~1\mozilla\firefox\profiles\wzkgxbf4.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
S3 CTMSFSYN;Creative SoundFont Synth;c:\windows\system32\drivers\CTMSFSYN.SYS [2005-1-30 159104]
S3 Pronaut_WBD;Pronaut WaveBridge Device (WDM);c:\windows\system32\drivers\pnwbd.sys [2006-3-5 13440]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2006-2-7 215708]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [2006-2-7 17263]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [2006-2-7 84092]
S4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

=============== Created Last 30 ================

2009-01-22 13:00 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-22 13:00 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-20 10:00 <DIR> a-dshr-- C:\cmdcons
2009-01-20 09:54 161,792 a------- c:\windows\SWREG.exe
2009-01-20 09:54 98,816 a------- c:\windows\sed.exe
2009-01-19 17:23 <DIR> --d----- c:\program files\Trend Micro
2009-01-18 19:53 54,156 a---h--- c:\windows\QTFont.qfn
2009-01-18 19:53 1,409 a------- c:\windows\QTFont.for

==================== Find3M ====================

2009-01-21 12:35 42,858 ac------ c:\windows\system32\nvModes.dat
2009-01-19 15:10 38,758 ac------ c:\docume~1\infueden\applic~1\wklnhst.dat
2008-12-12 22:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 02:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 02:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-09-22 12:32 120,688 ac------ c:\docume~1\infueden\applic~1\GDIPFONTCACHEV1.DAT
2006-08-18 05:28 284 ac------ c:\docume~1\infueden\applic~1\ViewerApp.dat
2005-05-13 16:12 217,073 ac-shr-- c:\windows\meta4.exe
2006-02-28 09:35 56 -c-shr-- c:\windows\system32\3CF0168EFF.sys
2005-07-14 11:31 27,648 ac-shr-- c:\windows\system32\AVSredirect.dll
2005-06-26 14:32 616,448 ac-shr-- c:\windows\system32\cygwin1.dll
2005-06-21 21:37 45,568 ac-shr-- c:\windows\system32\cygz.dll
2006-05-03 01:06 163,328 -c-shr-- c:\windows\system32\flvDX.dll
2004-01-24 23:00 70,656 ac-shr-- c:\windows\system32\i420vfw.dll
2007-02-21 02:47 31,232 -c-shr-- c:\windows\system32\msfDX.dll
2005-02-28 12:16 240,128 ac-shr-- c:\windows\system32\x.264.exe
2004-01-24 23:00 70,656 ac-shr-- c:\windows\system32\yv12vfw.dll
2008-09-26 23:33 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092720080928\index.dat

============= FINISH: 14:07:28.64 ===============
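
The registry entries in the GooredFix log above can be checked mechanically. The following is an added example, not part of the original thread and not GooredFix's own logic: it parses the `[key]` / `"name"="data"` layout of that log and flags extension registrations resembling the one that was deleted. The function names and the two heuristics are assumptions made for illustration.

```python
import ntpath
import re

# Lines copied from the GooredFix log in the post above;
# the layout is "[key]" followed by "name"="data".
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{ECD8BC23-42BB-49C7-A63D-711E4930F924}"="C:\Documents and Settings\Infueden\Local Settings\Application Data\{ECD8BC23-42BB-49C7-A63D-711E4930F924}\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"="(.*)"$')
GUID_RE = re.compile(r'^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$', re.I)

def parse_registry_dump(text):
    """Return (key, value_name, data) tuples from a "[key]" / "name"="data" dump."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VAL_RE.match(line)):
            entries.append((key, m.group(1), m.group(2)))
    return entries

def flag_entries(entries):
    """Flag extension registrations that look like the one removed in the log.

    Both heuristics are assumptions made for this example.
    """
    hits = []
    for key, name, data in entries:
        if not key.lower().endswith('\\extensions'):
            continue
        path = data.rstrip('\\').lower()
        reasons = []
        if '\\local settings\\application data\\' in path + '\\':
            reasons.append('registered from a per-user application-data folder')
        if GUID_RE.match(name) and ntpath.basename(path) == name.lower():
            reasons.append('GUID-named folder matching the value name')
        if reasons:
            hits.append((name, data, reasons))
    return hits

if __name__ == '__main__':
    for name, data, reasons in flag_entries(parse_registry_dump(SAMPLE_LOG)):
        print(f'{name} -> {data}: {"; ".join(reasons)}')
```

A hit is a lead for manual review, not a verdict: legitimate software can also register extensions through this key, as the `jqs@sun.com` entry shows.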

#13 Thunder

Posted 22 January 2009 - 05:40 PM

Looking better, Charlie12 :thumbup2:

Now can you remove the old Java versions through Control Panel > Software,
and install the latest version ?

Still getting redirected ?

Greetings,
Thunder

#14 charlie12

Posted 22 January 2009 - 06:42 PM

Thanks. I combed my hair. But now, I can't find my comb! Have you seen it?
:)

No redirects right now. :thumbup2: I'll see if it comes back tomorrow.

The add/remove program list still doesn't give me a change or remove button for the old Java versions when I highlight them. The new Java version does have a remove button though.

Edited by charlie12, 22 January 2009 - 06:42 PM.


#15 Thunder

Posted 23 January 2009 - 05:07 AM

Hello Charlie12,

To remove those older Java versions,
you could try JavaRa.
Just download to your desktop, unzip and run JavaRa.exe,
select your language if asked to, and click the "Remove Older Versions" button.
A log file of any executed actions will be displayed once finished.

Greetings,
Thunder



