Google redirect and slow operation


13 replies to this topic

#1 ohmomo

ohmomo

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 22 January 2011 - 06:55 PM

Hello;

While searching the other day, I seem to have picked up some sort of virus or malware which causes my Google results to be hijacked to some obscure search page when I select and click on one result on a Google search. I haven't tried this on other search engines at this time, but with Google, this happens about 60% of the time. I have also noticed that my McAfee is no longer updating properly, and started to notice also that my computer is running more slowly and even occasionally freezing up.
I have tried multiple times to find the problem using Malwarebytes and AdAware, and recently tried using SpyBot Search and Destroy to see if anything came up, but none of these has turned up any suspicious files.
I ran a HijackThis scan and have attached the log I came up with just a few minutes ago. Please help me - I'm so tired of this.

Thank you,

momo

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:40:24 PM, on 1/22/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Momo\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51010t105l04e4ww35w45n2s24s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51010t105l04e4ww35w45n2s24s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51010t105l04e4ww35w45n2s24s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51010t105l04e4ww35w45n2s24s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Oehh] rundll32 "C:\Windows\system32\igfxrtrkc.dll",kpmvtc
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files\Acer\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12721 bytes
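As an added example (not code from this thread, nor from HijackThis, ComboFix or BleepingComputer), a small Python triage script for the HijackThis log format shown above: it parses the entry lines and applies a few ordinary review heuristics (BHOs whose DLL is missing, Run-key entries loaded through rundll32 or from user-writable paths, Winsock LSP entries that HijackThis did not recognize or that appear twice). The heuristics only order entries for a human to look at first; they do not determine what was actually on this machine, and the sample lines are excerpted from the log posted above.

```python
"""Triage helper for HijackThis-style logs.

Added example for this thread; not code from HijackThis, ComboFix or BleepingComputer.
The heuristics below are ordinary review rules of thumb, not a verdict on this machine.
"""
import re
from dataclasses import dataclass, field

# Entry lines look like "O4 - HKCU\..\Run: [name] command" or "R1 - key,value = data".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")
# rundll32 autostarts name a DLL and an export: rundll32 "path\x.dll",Export
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?,(?P<export>\S+)', re.I)
# Autostart targets under a user profile or temp directory deserve a closer look
# than those under Program Files or System32.
USER_WRITABLE_RE = re.compile(r"\\(?:Users\\[^\\]+|AppData|Temp)\\", re.I)

# Lines excerpted from the log posted in this thread (plus its header line).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKCU\..\Run: [Oehh] rundll32 "C:\Windows\system32\igfxrtrkc.dll",kpmvtc
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
"""


@dataclass
class Finding:
    section: str
    entry: str
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Return (section, body, line) for every HijackThis entry line; skip the rest."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("section"), m.group("body"), line))
    return entries


def triage(log_text):
    """Apply review heuristics and return the entries worth a manual look, in log order."""
    findings = []
    seen_lsp = set()
    for section, body, line in parse_entries(log_text):
        reasons = []
        if section == "O2" and body.endswith("(no file)"):
            reasons.append("BHO CLSID registered but its DLL is missing")
        if section == "O4":
            m = RUNDLL_RE.search(body)
            if m:
                reasons.append(
                    f"autostart via rundll32 loading {m['dll']} export {m['export']}")
            if USER_WRITABLE_RE.search(body):
                reasons.append("autostart target lives in a user-writable location")
        if section == "O10":
            # Body reads "Unknown file in Winsock LSP: <path>"; keep the path only.
            lsp = body.split(": ", 1)[-1].strip().lower()
            if lsp in seen_lsp:
                reasons.append("duplicate Winsock LSP entry")
            seen_lsp.add(lsp)
            if body.startswith("Unknown file"):
                reasons.append("LSP DLL not recognized by HijackThis; confirm its publisher")
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


def summarize(findings):
    """Count flagged entries per HijackThis section, e.g. {'O2': 1, 'O4': 1, 'O10': 2}."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.entry)
        for r in f.reasons:
            print("    ->", r)
    print(summarize(triage(SAMPLE_LOG)))
```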


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:41 PM

Posted 22 January 2011 - 09:46 PM

Hello ohmomo,

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. If McAfee gives you any problems, you may have to temporarily uninstall it. For some reason, this is common with McAfee. <_<

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If you have trouble running it the first time, then rename ComboFix.exe to ohmomo.exe and try again.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 ohmomo

ohmomo
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 24 January 2011 - 01:14 AM

I downloaded ComboFix, and at first it was telling me that there was a problem with the download and to download again. I did so, and uninstalled McAfee to be on the safe side. I ran the program, which appeared to work properly, but it did not produce a log for me. I tried changing the name to ohmomo.exe and re-ran, but still did not get a log. Is there something else I am overlooking?

#4 ohmomo

ohmomo
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 24 January 2011 - 06:55 PM

Tea;

Sorry for the short response last night - it was late... but thanks for the help.
I ran a troubleshoot on the ComboFix, and this is what it showed me. It also had a text file, which I have pasted below.

Description
This program might not have installed correctly

Problem signature
Problem Event Name: PCA2
Problem Signature 01: ComboFix.exe
Problem Signature 02: 0.0.0.0
Problem Signature 03: ComboFix.exe
Problem Signature 04: unknown
Problem Signature 05: unknown
Problem Signature 06: 1
Problem Signature 07: 200
OS Version: 6.1.7600.2.0.0.768.11
Locale ID: 1033

Files that help describe the problem
appcompat.txt

Here is the text file.
I have disabled the firewall and removed McAfee. Should I remove the other anti-virus programs as well?
Again, thanks for your help, and hope to hear from you soon.






#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:41 PM

Posted 25 January 2011 - 07:01 PM

Oy :blink: Sorry, that all does me no good. Have a look for the ComboFix log in C:\ComboFix.txt :thumbup2:

#6 ohmomo

ohmomo
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 27 January 2011 - 06:28 PM

Sorry that didn't help.

I've looked for the logfile where you indicated, but nothing. File not found. Sorry. It appears as well that I no longer have any sound when I try to watch anything online, though the speakers work. Any further suggestions?

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:41 PM

Posted 27 January 2011 - 11:04 PM

Try to run it in safe mode. Let it reboot if it wants to, then if the log doesn't pop up, look for it where I indicated before. :thumbup2:

tea

#8 ohmomo

ohmomo
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 27 January 2011 - 11:54 PM

Tea;

Attached File: ComboFix.txt (11.26KB)

Well, it worked absolutely fine this time - I feel like a bit of an idiot. Here is the ComboFix logfile.

Thanks again!

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:41 PM

Posted 28 January 2011 - 12:15 AM

Aww...don't feel like that. With this malware, things don't always work the way we want them to, so we have to try several different ways at times. :wink:

How is it running now?

tea

#10 ohmomo

ohmomo
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 28 January 2011 - 08:36 PM

Computer is running so well I hardly recognize it? Not slow, and have tried multiple searches and not once did I get a redirect!
Thanks so much, tea! I feel like a new woman. Or a woman with a new computer. lol.

Anything else I need to do?
Can I reinstall McAfee, or do you have any other recommendations?

Thanks again!

maureen

#11 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:41 PM

Posted 29 January 2011 - 03:06 PM

Hi Maureen :)

Glad to know it, and thank you! :inlove:

Yes, reinstall McAfee... I want to be sure it's working properly before you go, especially since you had problems with it updating before. :thumbup2:

Uninstall ComboFix by doing the following :

Click Start>Run>Type in, or copy and paste ComboFix /Uninstall > click OK

Let me know how it goes.

tea

#12 ohmomo

ohmomo
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:41 PM

Posted 29 January 2011 - 05:57 PM

Tea:

ComboFix uninstall went off without a hitch.
Have re-installed McAfee, and it seems to be working properly now.

And my computer is working so much better now! No slow-ups, no hang-ups, and certainly no re-directs!

Thanks again! :)

m

#13 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:41 PM

Posted 29 January 2011 - 06:18 PM

Excellent. :thumbup2:

If you have any questions or concerns, please do ask. Otherwise I believe we're done. :)

Take care!
tea

#14 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:41 PM

Posted 12 February 2011 - 03:12 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.