Google search results redirect me to other sites....


This topic is locked
3 replies to this topic

#1 bleostic

bleostic

  • Members
  • 1 posts
  • OFFLINE
  • Local time:07:14 PM

Posted 31 October 2010 - 07:29 PM

This is my first post on this forum and I am a new member; my name is Peter and I am from Illinois. I have a problem though: for quite some time I have had problems with clicking on links to search results in Google. They seem to redirect me to websites that have a different URL than the ones I clicked on. Now last week someone from Kuwait hacked into my Facebook page. Ever since, I have tried every virus scanner that exists, every malware remover possible, in normal mode and safe mode. Some found stuff, like PC Doctor I believe, and removed it, but the problem remained. I eventually had a live malware scanner that detected the redirects every time I searched Google and blocked the suspicious website each time. But none of these programs were able to remove the culprit itself. I still have the redirecting problem and was even blocked from saving a file to the desktop, telling me it was not possible to save anything to this folder. Then I tried again and it worked. Same with the redirect links: they redirect, but when I go back to the Google results and click on the link again the correct website and URL appears... I am at my wit's end. What do I need to do??? I have planned to completely do a fresh install of Windows 7 and format my C drive in the next few days, but am waiting on the arrival of my portable hard drive to make my necessary backup.

I did perform one last scan with ComboFix as suggested in several forums. At first I wasn't able to run it; it would freeze everything up. But it worked in Safe Mode. I did delete a few things but don't know if the problem has been solved or not. Most likely not... I have a log from this scan and will post it underneath. I hope someone is able to help me with this terrible time I am having with my computer and malware...

ComboFix 10-10-31.01 - Koedijk 10/31/2010 18:50:46.1.1 - x86 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1527.1045 [GMT -5:00]
Running from: c:\users\Koedijk\Desktop\test.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\COMMON~1\{525D3~1
c:\progra~1\COMMON~1\{525D3~1\slscp.log
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\autorun.inf
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\Ivr.scp
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\readme.txt
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\Setup.exe
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\Setup.MSI
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\Setup.scp
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\SLExtBU\ivr.scp
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\SLExtBU\Setup.scp
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slusbvip.cat
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slusbvip.inf
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slusbvip.sys
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slvad.cat
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slvad.inf
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slvad.sys
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slvipco.dll
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\slvipgx.dll
c:\progra~1\COMMON~1\{525D3~1\SLTLINK\TLRecAgent.sys
c:\users\Koedijk\AppData\Local\{6E40B402-D0B6-42F1-8843-8BAC00E1FBBC}
c:\users\Koedijk\AppData\Local\{6E40B402-D0B6-42F1-8843-8BAC00E1FBBC}\chrome.manifest
c:\users\Koedijk\AppData\Local\{6E40B402-D0B6-42F1-8843-8BAC00E1FBBC}\chrome\content\_cfg.js
c:\users\Koedijk\AppData\Local\{6E40B402-D0B6-42F1-8843-8BAC00E1FBBC}\chrome\content\overlay.xul
c:\users\Koedijk\AppData\Local\{6E40B402-D0B6-42F1-8843-8BAC00E1FBBC}\install.rdf
c:\users\Koedijk\AppData\Roaming\EurekaLog
c:\users\Koedijk\AppData\Roaming\EurekaLog\EurekaLog.ini
c:\users\Koedijk\g2mdlhlpx.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
.

2010-10-31 23:58 . 2010-10-31 23:59 -------- d-----w- c:\users\Koedijk\AppData\Local\temp
2010-10-31 23:58 . 2010-10-31 23:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-31 23:58 . 2010-10-31 23:58 -------- d-----w- c:\users\Riley M. Koedijk\AppData\Local\temp
2010-10-31 23:58 . 2010-10-31 23:58 -------- d-----w- c:\users\Kiosk\AppData\Local\temp
2010-10-31 03:59 . 2010-10-31 03:59 -------- d-----w- c:\users\Koedijk\AppData\Local\Threat Expert
2010-10-30 17:18 . 2010-10-31 14:36 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-10-28 00:43 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-21 22:50 . 2010-10-30 02:56 -------- d-----w- c:\program files\Panda Security
2010-10-16 05:26 . 2010-10-16 05:26 -------- d-----w- c:\program files\Common Files\Skype
2010-10-16 05:26 . 2010-10-16 05:26 -------- d-----r- c:\program files\Skype
2010-10-16 03:45 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-16 03:45 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-16 03:45 . 2010-10-16 03:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-16 01:12 . 2010-10-22 01:08 -------- d-----w- c:\users\Koedijk\AppData\Roaming\QuickScan
2010-10-13 20:44 . 2010-10-13 20:49 -------- d-----w- c:\users\Koedijk\AppData\Roaming\AVG
2010-10-13 19:49 . 2010-10-13 19:49 -------- d-----w- C:\$AVG
2010-10-13 18:27 . 2010-10-13 18:27 -------- d--h--w- c:\programdata\Common Files
2010-10-13 18:24 . 2010-10-31 14:28 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-13 18:24 . 2010-10-13 18:28 -------- d-----w- c:\programdata\AVG10
2010-10-13 18:11 . 2010-10-13 18:23 -------- d-----w- c:\programdata\MFAData
2010-10-13 17:00 . 2010-09-01 05:44 424960 ----a-w- c:\windows\system32\vbscript.dll
2010-10-13 16:58 . 2010-10-13 16:58 -------- d-----w- c:\program files\Feedback Tool
2010-10-13 03:29 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 03:29 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-13 03:29 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 03:29 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 03:28 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-10-13 03:28 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 03:28 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 03:28 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 03:28 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 03:28 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 03:26 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 03:26 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 03:26 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 03:26 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 03:26 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 03:26 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-13 02:03 . 2010-10-13 02:13 -------- d-----w- c:\users\Koedijk\AppData\Roaming\Spider Player
2010-10-13 02:03 . 2010-10-13 02:03 -------- d-----w- c:\program files\Spider Player
2010-10-12 08:55 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78FE663C-52A9-496B-8E00-37A4E3B32E6E}\mpengine.dll
2010-10-12 05:33 . 2010-10-12 05:33 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-10-12 05:27 . 2010-10-12 05:27 -------- d-----w- c:\users\Koedijk\AppData\Local\Sunbelt Software
2010-10-12 05:26 . 2010-10-29 21:12 -------- d-----w- c:\programdata\Lavasoft
2010-10-12 04:28 . 2010-10-31 03:55 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-10-12 04:20 . 2010-10-31 04:04 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-10-12 04:20 . 2010-10-12 04:28 -------- d-----w- c:\programdata\Hitman Pro
2010-10-12 04:20 . 2010-10-12 04:20 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-10-12 03:54 . 2009-11-16 03:50 85656 ----a-w- c:\windows\system32\drivers\slvad.sys
2010-10-12 03:54 . 2009-11-16 03:50 591640 ----a-w- c:\windows\system32\drivers\slusbvip.sys
2010-10-12 03:54 . 2009-11-16 03:50 37208 ----a-w- c:\windows\system32\drivers\TLRecAgent.sys
2010-10-12 03:36 . 2009-10-30 20:03 248656 ----a-w- c:\windows\system32\slvipgx.dll
2010-10-09 00:07 . 2010-10-09 00:07 -------- d-----w- c:\program files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-27 18:42 . 2010-09-27 18:41 6153352 ----a-w- C:\mbam-setup-1.46.exe
2010-09-27 09:49 . 2010-09-27 04:54 0 ----a-w- c:\users\Koedijk\AppData\Local\Ydowoba.bin
2010-09-27 04:53 . 2010-09-27 04:53 139 ----a-w- c:\users\Koedijk\AppData\Roaming\jsdfgs500.bat
2010-09-13 21:27 . 2010-09-13 21:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-07 08:49 . 2010-09-07 08:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-07 08:48 . 2010-09-07 08:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 08:48 . 2010-09-07 08:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-07 08:48 . 2010-09-07 08:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-08-21 05:32 . 2010-09-15 20:33 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-20 02:42 . 2010-08-20 02:42 30288 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2010-08-20 02:42 . 2010-08-20 02:42 123472 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2010-08-20 02:42 . 2010-08-20 02:42 21072 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2010-08-16 06:15 . 2010-09-15 18:58 804864 ----a-w- c:\windows\system32\FntCache.dll
2010-08-16 06:14 . 2010-09-15 18:58 1076224 ----a-w- c:\windows\system32\DWrite.dll
2010-08-16 06:14 . 2010-09-15 18:58 737280 ----a-w- c:\windows\system32\d2d1.dll
2010-08-16 06:14 . 2010-09-15 18:58 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-08-16 06:14 . 2010-09-15 18:58 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart\0bootdelete

[HKLM\~\startupfolder\C:^Users^Koedijk^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 09:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 21:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRMonitor.exe]
2006-12-27 23:52 548864 ----a-w- c:\program files\USRobotics\USRobotics USB Telephone Adapter\USRMonitor.exe

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2010-09-07 298448]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2010-09-10 265400]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe [2007-03-01 538096]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 136176]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2010-07-06 173352]
R2 VService;VService;c:\program files\USRobotics\USRobotics USB Telephone Adapter\VServ.exe [2006-12-24 105208]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-20 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-20 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-20 21072]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-03-12 30576]
R3 slusbvip;SL3800 USB Driver;c:\windows\system32\DRIVERS\slusbvip.sys [2009-11-16 591640]
R3 SLVAD_simple;USRobotics Virtual Audio;c:\windows\system32\drivers\slvad.sys [2009-11-16 85656]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
S0 TLRecAgent;TLRecAgent;c:\windows\system32\DRIVERS\TLRecAgent.sys [2009-11-16 37208]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-10-31 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-04-03 15:32]

2010-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 13:55]

2010-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 13:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyServer = 83.98.144.90:80
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
FF - ProfilePath - c:\users\Koedijk\AppData\Roaming\Mozilla\Firefox\Profiles\s0ru6koy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: c:\users\Koedijk\AppData\Roaming\Mozilla\Firefox\Profiles\s0ru6koy.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Koedijk\AppData\Roaming\Mozilla\Firefox\Profiles\s0ru6koy.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-10-31 19:01:53
ComboFix-quarantined-files.txt 2010-11-01 00:01

Pre-Run: 34,052,976,640 bytes free
Post-Run: 33,833,725,952 bytes free

- - End Of File - - F102A47A1F96CF2886BADE8BABE76BFA
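The log above records a few items a responder would look at first when the complaint is "search results redirect": a system-wide proxy in the Supplementary Scan (`uInternet Settings,ProxyServer = 83.98.144.90:80`), Firefox search preferences (`browser.search.defaulturl`, `keyword.URL`) that point at a different host than the selected engine, and the autostart entries under the Run key. The following Python script is an added example for this thread; it is not ComboFix's own code and not a BleepingComputer tool. It applies those three checks to ComboFix-style log lines. The sample lines are copied from the posted log, except the `"updater"` Run entry, which is constructed to exercise the autostart check and is not in the log; the `ipaddress` module's `is_global` test is used to separate a LAN or loopback proxy from a public one.

```python
"""Triage ComboFix-style log lines for browser-redirect indicators.

Added example for this thread; it is not ComboFix's own code and not a
BleepingComputer tool. The checks are heuristics a responder would apply
by eye: a system proxy pointing at a public address, Firefox search prefs
that do not match the selected engine, and autostart entries outside the
usual program directories.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the log in post #1, plus one
# constructed Run entry (the "updater" line) that is NOT from the log.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"SoundMAXPnP"="c:\\program files\\Analog Devices\\Core\\smax4pnp.exe" [2004-10-14 1404928]
"AVG_TRAY"="c:\\program files\\AVG\\AVG10\\avgtray.exe" [2010-09-15 2745696]
"updater"="c:\\users\\example\\AppData\\Roaming\\example.exe" [2010-01-01 1234]

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 83.98.144.90:80
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
"""

RUN_KEY = re.compile(r"^\[HK.*\\Run(Once)?\]$", re.IGNORECASE)
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
PROXY = re.compile(r"ProxyServer\s*=\s*(?P<host>[^:\s]+)(?::(?P<port>\d+))?")
FF_PREF = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$")

# Directories where a legitimate autostart entry is normally expected.
TRUSTED_DIRS = ("c:\\program files", "c:\\windows")


def refang(url):
    """ComboFix writes hxxp:// so URLs are not clickable; undo that for parsing."""
    return url.replace("hxxps://", "https://").replace("hxxp://", "http://")


def is_public_ip(host):
    """True if host is an IP literal that is globally routable (not loopback/private)."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return False  # a hostname rather than an IP literal


def triage(log_text):
    """Return a list of (indicator, item, detail) tuples found in the log text."""
    findings = []
    prefs = {}
    in_run_key = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Registry key header: remember whether we are inside a Run/RunOnce key.
            in_run_key = bool(RUN_KEY.match(line))
            continue
        if in_run_key:
            m = RUN_ENTRY.match(line)
            if m:
                if not m.group("path").lower().startswith(TRUSTED_DIRS):
                    findings.append(("autostart_outside_trusted_dirs",
                                     m.group("name"), m.group("path")))
                continue
            in_run_key = False  # the key's value list has ended
        m = PROXY.search(line)
        if m:
            host = m.group("host")
            kind = "proxy_to_public_ip" if is_public_ip(host) else "proxy_configured"
            findings.append((kind, "ProxyServer", host))
            continue
        m = FF_PREF.match(line)
        if m:
            prefs[m.group("key")] = refang(m.group("value"))
    # Cross-check: search URLs should belong to the engine the user selected.
    engine = prefs.get("browser.search.selectedEngine", "").lower()
    if engine:
        for key in ("browser.search.defaulturl", "keyword.URL"):
            if key in prefs:
                host = urlparse(prefs[key]).hostname or ""
                if engine not in host.lower():
                    findings.append(("search_pref_mismatch", key, host))
    return findings


if __name__ == "__main__":
    for indicator, item, detail in triage(SAMPLE_LOG):
        print(f"{indicator:32} {item:28} {detail}")
```

Treat the output as triage leads rather than verdicts: a proxy to a public address is normal on a managed corporate machine, and a Bing search URL with Google selected can come from an OEM or toolbar default, so each hit still needs to be confirmed against what the owner actually configured. A proxy the user did not set is worth checking early because it explains redirects that every file-based scanner misses: nothing malicious needs to remain on disk for traffic to keep flowing through it.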


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:14 PM

Posted 08 November 2010 - 01:10 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Do not attach logs unless I ask you to.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread, upload them here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


I would like to get a better look at your system, please do the following so I can get some more detailed logs.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Gmer

Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Note: Do not run any programs while Gmer is running.


Information and logs:

In your next post I need the following:

1. Logs from DDS
2. Log from GMER
3. Let me know of any problems you may have had
Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:14 PM

Posted 11 November 2010 - 12:40 AM

Hello

Three day bump

It has been three days since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:14 PM

Posted 14 November 2010 - 12:40 AM

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo