Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect + Malwarebyes Freezing


  • This topic is locked This topic is locked
2 replies to this topic

#1 tostadas

tostadas

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:22 PM

Posted 21 August 2009 - 03:04 AM

Just starting yesterday my computer was overrun with a bunch of problems including fake programs such as Windows Antivirus Pro, and problems that prevented me from opening any .exe files. In an attempt to remedy these problems, I have downloaded and installed the following:

-Malwarebytes
-AVG
-Java Update 15
-Adobe Reader 9.1 update

The malwarebytes and avg were able to find several problems and fix them, but I am still left with two that I cannot seem to fix. After a second round of full scans, the programs found no problems so I thought everything was ok. However Google has begun to redirect me to bogus sites. In addition, the last 3 times that I have tried running Malwarebytes, the program has frozen on me (program not responding). I am not sure if the malwarebytes freezing is related to this issue.

Thank you in advance for your help and support.


DDS (Ver_09-07-30.01) - NTFSx86
Run by brandon at 0:33:18.71 on Fri 08/21/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.2503 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\aestsrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\mobsync.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Users\brandon\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080701
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080701
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080701
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [Aim6]
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: avgrsstx.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\users\brandon\appdata\roaming\mozilla\firefox\profiles\unqijwk8.default\
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\brandon\appdata\roaming\mozilla\firefox\profiles\unqijwk8.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01);user_pref(general.useragent.extra.zencast,
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-19 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-19 108552]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-6-30 73728]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-19 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-19 297752]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2008-7-1 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-7-1 7424]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-8-20 38160]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-7-1 209408]

=============== Created Last 30 ================

2009-08-21 00:05 <DIR> --d----- c:\program files\Panda USB Vaccine
2009-08-20 23:04 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-20 22:05 0 a------- C:\backup.reg
2009-08-20 22:05 135,168 a------- C:\zip.exe
2009-08-20 22:05 19,286 a------- C:\cleanup.exe
2009-08-20 22:05 574 a------- C:\cleanup.bat
2009-08-20 15:31 <DIR> --d----- c:\users\brandon\appdata\roaming\Malwarebytes
2009-08-20 15:31 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-20 15:31 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-20 15:31 <DIR> --d----- c:\programdata\Malwarebytes
2009-08-20 15:31 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-20 15:31 <DIR> --d----- c:\progra~2\Malwarebytes
2009-08-20 15:09 <DIR> --d----- c:\programdata\NortonInstaller
2009-08-20 15:09 <DIR> --d----- c:\progra~2\NortonInstaller
2009-08-19 23:10 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-08-19 22:22 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-08-19 22:22 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-19 22:22 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-19 22:21 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-08-19 22:21 <DIR> --d----- c:\program files\AVG
2009-08-19 22:21 <DIR> --d----- c:\programdata\avg8
2009-08-19 22:21 <DIR> --d----- c:\progra~2\avg8
2009-08-19 22:00 <DIR> --d----- c:\programdata\WindowsSearch
2009-08-19 20:59 <DIR> --d----- c:\users\brandon\appdata\roaming\AVG8
2009-08-14 23:36 139,152 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-14 23:36 139,152 a------- c:\users\brandon\appdata\roaming\PnkBstrK.sys
2009-08-14 23:36 111,928 a------- c:\windows\system32\PnkBstrB.exe
2009-08-14 23:36 794,408 a------- c:\windows\system32\pbsvc.exe
2009-08-14 23:36 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-08-14 22:12 <DIR> --d----- c:\program files\EA Games

==================== Find3M ====================

2009-08-20 15:20 42,381 a------- c:\users\brandon\appdata\roaming\nvModes.dat
2009-07-21 14:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 14:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 14:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 13:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 06:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-15 05:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 05:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 05:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 05:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-06-24 12:56 78,246 a------- c:\windows\War3Unin.dat
2009-06-15 07:54 175,104 a------- c:\windows\system32\wdigest.dll
2009-06-15 07:53 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 07:53 72,704 a------- c:\windows\system32\secur32.dll
2009-06-15 07:53 270,848 a------- c:\windows\system32\schannel.dll
2009-06-15 07:53 218,624 a------- c:\windows\system32\msv1_0.dll
2009-06-15 07:52 1,259,008 a------- c:\windows\system32\lsasrv.dll
2009-06-15 07:52 23,552 a------- c:\windows\system32\lpk.dll
2009-06-15 07:52 499,712 a------- c:\windows\system32\kerberos.dll
2009-06-15 07:52 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 07:51 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 05:48 9,728 a------- c:\windows\system32\lsass.exe
2009-06-15 05:42 289,792 a------- c:\windows\system32\atmfd.dll
2009-06-10 04:42 160,256 a------- c:\windows\system32\wkssvc.dll
2009-06-10 04:38 91,136 a------- c:\windows\system32\avifil32.dll
2009-06-04 05:07 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-05-26 20:05 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-26 20:05 143,360 a------- c:\windows\inf\infstor.dat
2009-05-26 20:05 86,016 a------- c:\windows\inf\infpub.dat
2009-05-26 19:58 665,600 a------- c:\windows\inf\drvindex.dat
2008-07-09 20:31 28,029 a------- c:\programdata\nvModes.dat
2008-07-09 20:31 28,029 a------- c:\progra~2\nvModes.dat
2008-01-20 19:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 0:34:54.97 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 tostadas

tostadas
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:22 PM

Posted 22 August 2009 - 01:03 PM

update: please disregard this topic. I have just decided it would be easier to reformat my computer.

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,804 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:22 PM

Posted 02 September 2009 - 09:33 PM

Hello

Thank you for letting us know. Sometimes a reformat and reinstall is the quickest and easiest solution. Since you are reformatting, this thread will now be closed.

In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users