
Google Constantly Getting Redirected


  • This topic is locked
7 replies to this topic

#1 DeathlessDragon

  • Members
  • 3 posts

Posted 04 November 2011 - 02:11 AM

Hello, for the past year or so most of the links from Google searches get redirected to unfamiliar search engines and websites. All the anti-virus/anti-malware tools I have tried have not found anything, so I hope someone here can help.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27
Run by HP_Administrator at 18:27:47 on 2011-11-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.279 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\HP\Digital Imaging\bin\hposol08.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sluggy.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Persistence] c:\windows\system32\igfxpers.exe
uRun: [ehTray] c:\windows\ehome\ehtray.exe
uRun: [Reminder] c:\windows\creator\Remind_XP.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hp\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\hp\digital imaging\bin\hposol08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartw~1.lnk - c:\program files\netgear\wg111 configuration utility\WG111CFG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
TCP: DhcpNameServer = 213.109.64.200 213.109.73.8 1.1.1.1
TCP: Interfaces\{789A9348-C047-4506-A74F-9610FE85A473} : DhcpNameServer = 213.109.64.200 213.109.73.8 1.1.1.1
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\ra9bifmd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.reddit.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\onlive\plugin\npolgdet.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsld733706a;MpKsld733706a;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b6b5a4b-13b4-4041-868b-fd2671de9b99}\MpKsld733706a.sys [2011-11-3 28752]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-4-29 328536]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-3 366152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-3 22216]
S1 MpKsl04cdddc0;MpKsl04cdddc0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4470e3e6-4035-416a-a46f-4f85cc3212d2}\mpksl04cdddc0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4470e3e6-4035-416a-a46f-4f85cc3212d2}\MpKsl04cdddc0.sys [?]
S1 MpKsl103d905c;MpKsl103d905c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0d5d8eea-2628-47b8-9569-f4e295c29937}\mpksl103d905c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0d5d8eea-2628-47b8-9569-f4e295c29937}\MpKsl103d905c.sys [?]
S1 MpKsl3db7d958;MpKsl3db7d958;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c54df82-584e-4475-ab4b-2068dc638781}\mpksl3db7d958.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c54df82-584e-4475-ab4b-2068dc638781}\MpKsl3db7d958.sys [?]
S1 MpKsl689a06a3;MpKsl689a06a3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bcac1780-484f-4bd0-9161-b5f7c8c7c3b3}\mpksl689a06a3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bcac1780-484f-4bd0-9161-b5f7c8c7c3b3}\MpKsl689a06a3.sys [?]
S1 MpKsl6be2f3cc;MpKsl6be2f3cc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{933482ff-dcf5-43a6-a384-8efc0ba44fcc}\mpksl6be2f3cc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{933482ff-dcf5-43a6-a384-8efc0ba44fcc}\MpKsl6be2f3cc.sys [?]
S1 MpKsl6cd57689;MpKsl6cd57689;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4470e3e6-4035-416a-a46f-4f85cc3212d2}\mpksl6cd57689.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4470e3e6-4035-416a-a46f-4f85cc3212d2}\MpKsl6cd57689.sys [?]
S1 MpKsl6f6e24fb;MpKsl6f6e24fb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5867be27-f1ba-4c38-8132-5bb638870e54}\mpksl6f6e24fb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5867be27-f1ba-4c38-8132-5bb638870e54}\MpKsl6f6e24fb.sys [?]
S1 MpKsl9837cb1e;MpKsl9837cb1e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{931e3267-94f5-4300-ba25-f43c418b87c1}\mpksl9837cb1e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{931e3267-94f5-4300-ba25-f43c418b87c1}\MpKsl9837cb1e.sys [?]
S1 MpKsl98f59e4c;MpKsl98f59e4c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{905aab46-8ca9-46a6-8b85-9e5c6d110959}\mpksl98f59e4c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{905aab46-8ca9-46a6-8b85-9e5c6d110959}\MpKsl98f59e4c.sys [?]
S1 MpKsl9919780a;MpKsl9919780a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b5f93c21-f5b1-496a-ac3e-825da32659e1}\mpksl9919780a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b5f93c21-f5b1-496a-ac3e-825da32659e1}\MpKsl9919780a.sys [?]
S1 MpKslaf7b9461;MpKslaf7b9461;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72c3b68d-78f3-454d-a504-1fd7bf61acae}\mpkslaf7b9461.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72c3b68d-78f3-454d-a504-1fd7bf61acae}\MpKslaf7b9461.sys [?]
S1 MpKsld723a590;MpKsld723a590;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{23a3b397-161a-42f6-ae14-68bc301d9a13}\mpksld723a590.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{23a3b397-161a-42f6-ae14-68bc301d9a13}\MpKsld723a590.sys [?]
S1 MpKsld79bf295;MpKsld79bf295;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4470e3e6-4035-416a-a46f-4f85cc3212d2}\mpksld79bf295.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4470e3e6-4035-416a-a46f-4f85cc3212d2}\MpKsld79bf295.sys [?]
S1 MpKsldeb117a6;MpKsldeb117a6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3368aeb6-0d11-4547-b27d-6fc5da8f9118}\mpksldeb117a6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3368aeb6-0d11-4547-b27d-6fc5da8f9118}\MpKsldeb117a6.sys [?]
S1 MpKsle585de4e;MpKsle585de4e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9058b277-02cb-4b12-be37-272783128049}\mpksle585de4e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9058b277-02cb-4b12-be37-272783128049}\MpKsle585de4e.sys [?]
S1 MpKsleab6c135;MpKsleab6c135;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ccf0984f-0ba1-49d3-9fb5-c64ceb8fa1a7}\mpksleab6c135.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ccf0984f-0ba1-49d3-9fb5-c64ceb8fa1a7}\MpKsleab6c135.sys [?]
S1 MpKsled39e944;MpKsled39e944;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{489f5038-2b00-4264-bfd3-d4e38c94dc47}\mpksled39e944.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{489f5038-2b00-4264-bfd3-d4e38c94dc47}\MpKsled39e944.sys [?]
S1 MpKslf1e29cc2;MpKslf1e29cc2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{18934c86-38ef-4724-9a28-16f92db676b8}\mpkslf1e29cc2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{18934c86-38ef-4724-9a28-16f92db676b8}\MpKslf1e29cc2.sys [?]
S1 MpKslf4808fac;MpKslf4808fac;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{933482ff-dcf5-43a6-a384-8efc0ba44fcc}\mpkslf4808fac.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{933482ff-dcf5-43a6-a384-8efc0ba44fcc}\MpKslf4808fac.sys [?]
S1 MpKslfa9937d0;MpKslfa9937d0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4470e3e6-4035-416a-a46f-4f85cc3212d2}\mpkslfa9937d0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4470e3e6-4035-416a-a46f-4f85cc3212d2}\MpKslfa9937d0.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-31 136176]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-31 136176]
S3 NVIDIAHWAccess;NVIDIAHWAccess;\??\c:\documents and settings\hp_administrator\application data\nvidia\hwaccess.sys --> c:\documents and settings\hp_administrator\application data\nvidia\HWAccess.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-04 00:38:39 -------- d-----w- c:\documents and settings\hp_administrator\application data\Malwarebytes
2011-11-04 00:37:52 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-04 00:37:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-03 22:48:43 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b6b5a4b-13b4-4041-868b-fd2671de9b99}\MpKsld733706a.sys
2011-11-03 22:48:03 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b6b5a4b-13b4-4041-868b-fd2671de9b99}\offreg.dll
2011-11-03 22:47:35 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b6b5a4b-13b4-4041-868b-fd2671de9b99}\mpengine.dll
2011-11-03 05:10:58 -------- d-sha-r- C:\cmdcons
2011-11-03 05:06:03 -------- d-----w- C:\ComboFix
2011-11-03 04:44:50 388096 ----a-r- c:\documents and settings\hp_administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-03 04:44:48 -------- d-----w- c:\program files\Trend Micro
2011-10-21 07:35:45 -------- d-----w- c:\documents and settings\hp_administrator\application data\RenPy
.
==================== Find3M ====================
.
2011-10-26 21:14:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-30 20:49:22 796672 ----a-w- c:\windows\GPInstall.exe
2011-09-27 23:21:59 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2011-09-27 23:21:59 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 06:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 06:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 06:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ------w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 18:28:49.32 ===============


#2 gringo_pr


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 November 2011 - 08:57 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 DeathlessDragon

  • Topic Starter

  • Members
  • 3 posts

Posted 06 November 2011 - 10:53 PM

ComboFix 11-11-06.02 - HP_Administrator 11/06/2011 18:00:30.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.583 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
.
---- Previous Run -------
.
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
C:\LOG10C.tmp
C:\LOG117.tmp
C:\LOG11E.tmp
C:\LOG129.tmp
C:\LOG137.tmp
C:\LOG139.tmp
C:\LOG172.tmp
C:\LOG19C.tmp
C:\LOG1AA.tmp
C:\LOG1AD.tmp
C:\LOG1BB.tmp
C:\LOG1C7.tmp
C:\LOG1F6.tmp
C:\LOG213.tmp
C:\LOG22.tmp
C:\LOG3A9.tmp
C:\LOG3EA.tmp
C:\LOG57C.tmp
C:\LOG6D.tmp
C:\LOGAA.tmp
C:\LOGD.tmp
C:\LOGF3.tmp
C:\readme.txt
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe
c:\windows\kb913800.exe
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
.
.
2011-11-07 02:08 . 2011-11-07 02:08 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D496143-00ED-4A2A-A7D3-4DDECCF095A3}\offreg.dll
2011-11-06 17:20 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4D496143-00ED-4A2A-A7D3-4DDECCF095A3}\mpengine.dll
2011-11-05 03:23 . 2011-11-05 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\YouTube Downloader
2011-11-04 00:38 . 2011-11-04 00:38 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2011-11-03 04:44 . 2011-11-03 04:44 388096 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-03 04:44 . 2011-11-03 04:44 -------- d-----w- c:\program files\Trend Micro
2011-10-21 07:35 . 2011-10-21 07:38 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\RenPy
2011-10-12 21:19 . 2011-10-12 21:19 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-10-11 22:58 . 2011-10-11 22:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-26 21:14 . 2011-06-21 23:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 03:48 . 2010-08-01 01:59 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-30 20:49 . 2011-09-30 20:49 796672 ----a-w- c:\windows\GPInstall.exe
2011-09-27 23:21 . 2011-06-04 03:40 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2011-09-27 23:21 . 2011-06-04 03:40 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-26 18:41 . 2010-03-18 18:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-08-10 04:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-10 04:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-10 04:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-10 04:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 06:05 . 2011-08-31 06:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05 . 2011-08-31 06:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 06:05 . 2011-08-31 06:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 06:05 . 2011-08-31 06:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-22 23:48 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-10 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-10 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-10 04:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-10 04:00 138496 ------w- c:\windows\system32\drivers\afd.sys
2011-10-02 02:51 . 2011-08-03 15:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-06-23 81920]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"Steam"="c:\program files\Steam\steam.exe" [2011-10-09 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-06-23 86016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-09 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-09 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-09 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - c:\program files\HP\Digital Imaging\bin\hpobnz08.exe [2002-6-11 323646]
officejet 6100.lnk - c:\program files\HP\Digital Imaging\bin\hposol08.exe [2002-6-11 147456]
Smart Wizard Wireless Settings.lnk - c:\program files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [2007-2-17 1044577]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-10-20 36903]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-10-20 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-10-20 27136]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\champions online\\Champions Online\\Live\\GameClient.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=
"c:\\Program Files\\Steam\\steamapps\\deathlessdragon\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\rusty hearts\\ClientLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\champions online\\Champions Online.exe"=
"c:\\Program Files\\Steam\\steamapps\\deathlessdragon\\half-life 2\\hl2.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\deathlessdragon\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\spiral knights\\java_vm\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\just cause 2 demo\\JustCause2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the ball demo\\Binaries\\Win32\\TheBall.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\saints row the third - initiation station\\InitiationStation.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dc universe online\\LaunchPad.exe"=
"c:\\Program Files\\Steam\\steamapps\\deathlessdragon\\garrysmod\\hl2.exe"=
.
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [4/29/2011 2:16 PM 328536]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
S1 MpKsl04cdddc0;MpKsl04cdddc0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4470E3E6-4035-416A-A46F-4F85CC3212D2}\MpKsl04cdddc0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4470E3E6-4035-416A-A46F-4F85CC3212D2}\MpKsl04cdddc0.sys [?]
S1 MpKsl103d905c;MpKsl103d905c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D5D8EEA-2628-47B8-9569-F4E295C29937}\MpKsl103d905c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0D5D8EEA-2628-47B8-9569-F4E295C29937}\MpKsl103d905c.sys [?]
S1 MpKsl3db7d958;MpKsl3db7d958;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0C54DF82-584E-4475-AB4B-2068DC638781}\MpKsl3db7d958.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0C54DF82-584E-4475-AB4B-2068DC638781}\MpKsl3db7d958.sys [?]
S1 MpKsl689a06a3;MpKsl689a06a3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BCAC1780-484F-4BD0-9161-B5F7C8C7C3B3}\MpKsl689a06a3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BCAC1780-484F-4BD0-9161-B5F7C8C7C3B3}\MpKsl689a06a3.sys [?]
S1 MpKsl6be2f3cc;MpKsl6be2f3cc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{933482FF-DCF5-43A6-A384-8EFC0BA44FCC}\MpKsl6be2f3cc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{933482FF-DCF5-43A6-A384-8EFC0BA44FCC}\MpKsl6be2f3cc.sys [?]
S1 MpKsl6cd57689;MpKsl6cd57689;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4470E3E6-4035-416A-A46F-4F85CC3212D2}\MpKsl6cd57689.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4470E3E6-4035-416A-A46F-4F85CC3212D2}\MpKsl6cd57689.sys [?]
S1 MpKsl6f6e24fb;MpKsl6f6e24fb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5867BE27-F1BA-4C38-8132-5BB638870E54}\MpKsl6f6e24fb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5867BE27-F1BA-4C38-8132-5BB638870E54}\MpKsl6f6e24fb.sys [?]
S1 MpKsl9837cb1e;MpKsl9837cb1e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{931E3267-94F5-4300-BA25-F43C418B87C1}\MpKsl9837cb1e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{931E3267-94F5-4300-BA25-F43C418B87C1}\MpKsl9837cb1e.sys [?]
S1 MpKsl98f59e4c;MpKsl98f59e4c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{905AAB46-8CA9-46A6-8B85-9E5C6D110959}\MpKsl98f59e4c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{905AAB46-8CA9-46A6-8B85-9E5C6D110959}\MpKsl98f59e4c.sys [?]
S1 MpKsl9919780a;MpKsl9919780a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5F93C21-F5B1-496A-AC3E-825DA32659E1}\MpKsl9919780a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5F93C21-F5B1-496A-AC3E-825DA32659E1}\MpKsl9919780a.sys [?]
S1 MpKslaf7b9461;MpKslaf7b9461;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72C3B68D-78F3-454D-A504-1FD7BF61ACAE}\MpKslaf7b9461.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72C3B68D-78F3-454D-A504-1FD7BF61ACAE}\MpKslaf7b9461.sys [?]
S1 MpKsld723a590;MpKsld723a590;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{23A3B397-161A-42F6-AE14-68BC301D9A13}\MpKsld723a590.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{23A3B397-161A-42F6-AE14-68BC301D9A13}\MpKsld723a590.sys [?]
S1 MpKsld79bf295;MpKsld79bf295;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4470E3E6-4035-416A-A46F-4F85CC3212D2}\MpKsld79bf295.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4470E3E6-4035-416A-A46F-4F85CC3212D2}\MpKsld79bf295.sys [?]
S1 MpKsldeb117a6;MpKsldeb117a6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3368AEB6-0D11-4547-B27D-6FC5DA8F9118}\MpKsldeb117a6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3368AEB6-0D11-4547-B27D-6FC5DA8F9118}\MpKsldeb117a6.sys [?]
S1 MpKsle585de4e;MpKsle585de4e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9058B277-02CB-4B12-BE37-272783128049}\MpKsle585de4e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9058B277-02CB-4B12-BE37-272783128049}\MpKsle585de4e.sys [?]
S1 MpKsleab6c135;MpKsleab6c135;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CCF0984F-0BA1-49D3-9FB5-C64CEB8FA1A7}\MpKsleab6c135.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CCF0984F-0BA1-49D3-9FB5-C64CEB8FA1A7}\MpKsleab6c135.sys [?]
S1 MpKsled39e944;MpKsled39e944;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{489F5038-2B00-4264-BFD3-D4E38C94DC47}\MpKsled39e944.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{489F5038-2B00-4264-BFD3-D4E38C94DC47}\MpKsled39e944.sys [?]
S1 MpKslf1e29cc2;MpKslf1e29cc2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{18934C86-38EF-4724-9A28-16F92DB676B8}\MpKslf1e29cc2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{18934C86-38EF-4724-9A28-16F92DB676B8}\MpKslf1e29cc2.sys [?]
S1 MpKslf4808fac;MpKslf4808fac;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{933482FF-DCF5-43A6-A384-8EFC0BA44FCC}\MpKslf4808fac.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{933482FF-DCF5-43A6-A384-8EFC0BA44FCC}\MpKslf4808fac.sys [?]
S1 MpKslfa9937d0;MpKslfa9937d0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4470E3E6-4035-416A-A46F-4F85CC3212D2}\MpKslfa9937d0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4470E3E6-4035-416A-A46F-4F85CC3212D2}\MpKslfa9937d0.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/31/2010 1:41 PM 136176]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/31/2010 1:41 PM 136176]
S3 NVIDIAHWAccess;NVIDIAHWAccess;\??\c:\documents and settings\HP_Administrator\Application Data\NVIDIA\HWAccess.sys --> c:\documents and settings\HP_Administrator\Application Data\NVIDIA\HWAccess.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PCANDIS5
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-31 21:41]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-31 21:41]
.
2011-11-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sluggy.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 213.109.64.200 213.109.73.8 1.1.1.1
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ra9bifmd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.reddit.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-06 18:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2460)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2011-11-06 18:30:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-07 02:30
.
Pre-Run: 51,523,489,792 bytes free
Post-Run: 51,722,153,984 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 850C859A861A75A4934EC1DC7C8D4BB9



Hi Gringo, thank you for taking the time to help me!
Just to note, I have a modified hosts file so I don't see ads, but when I ran ComboFix it reverted it to normal. Regardless, I still get redirected during Google searches, but when I opened Firefox to post this, I got a popup. Of course that might be a result of the hosts file not being modified like it usually is, but it is still an odd occurrence.

TL;DR My computer is exactly the same, just with more ads.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:32 AM

Posted 07 November 2011 - 12:53 AM

we are going to check the router

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

It should look like this: Posted Image <--XP
Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 DeathlessDragon

DeathlessDragon
  • Topic Starter

Posted 07 November 2011 - 02:54 AM

Windows IP Configuration

Host Name . . . . . . . . . . . . : your-4dacd0ea75
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.wa.comcast.net.

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel® 82562V 10/100 Network Connection
Physical Address. . . . . . . . . : 00-18-F3-BB-44-93

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
Description . . . . . . . . . . . : NETGEAR WG111 802.11g Wireless USB2.0 Adapter
Physical Address. . . . . . . . . : 00-14-6C-6F-51-AF
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 213.109.64.200
                                    213.109.73.8
                                    1.1.1.1
Lease Obtained. . . . . . . . . . : Sunday, November 06, 2011 7:42:25 PM
Lease Expires . . . . . . . . . . : Monday, November 07, 2011 7:42:25 PM

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 213.109.64.200

Name: google.com
Addresses: 74.125.65.99, 74.125.65.106, 74.125.65.104, 74.125.65.105
74.125.65.103, 74.125.65.147

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 213.109.64.200

Name: yahoo.com
Addresses: 67.195.160.76, 98.139.180.149, 72.30.2.43, 98.137.149.56
209.191.122.70



Pinging google.com [74.125.47.99] with 32 bytes of data:

Reply from 74.125.47.99: bytes=32 time=92ms TTL=49
Reply from 74.125.47.99: bytes=32 time=462ms TTL=49

Ping statistics for 74.125.47.99:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 92ms, Maximum = 462ms, Average = 277ms

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Reply from 98.137.149.56: bytes=32 time=33ms TTL=51
Reply from 98.137.149.56: bytes=32 time=311ms TTL=51

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 33ms, Maximum = 311ms, Average = 172ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 f3 bb 44 93 ...... Intel® 82562V 10/100 Network Connection - Packet Scheduler Miniport
0x10004 ...00 14 6c 6f 51 af ...... NETGEAR WG111 802.11g Wireless USB2.0 Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.100 192.168.1.100 20
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 25
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 25
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 25
255.255.255.255 255.255.255.255 192.168.1.100 2 1
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

#6 gringo_pr

Posted 07 November 2011 - 02:57 AM

Hello

Yes it looks like the DNS settings on the router have been changed.

After you have run these steps - you need to let me know how the computer is doing

Resetting Router


  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know the router's default password, you can look it up here.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

flush the DNS:

Now let's flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now let's check the router again

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

It should look like this: Posted Image <--XP
Double-click on router.bat to run it. It will open Notepad when done; please post back the results.

gringo
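The check gringo makes by eye in the reply above (a DHCP lease from the router whose DNS servers are not the router itself) can be done by code over the Log1.txt that router.bat produces, as posted in #5. The script below is an added example written for this thread; it is not a BleepingComputer tool and not part of gringo's instructions. It parses the ipconfig /all section of such a log and reports every DHCP-assigned DNS server that is a public address, is not the default gateway and is not on a trusted list. The sample log is constructed (abbreviated) from the output posted in this thread, the "public resolver outside the trusted list" rule is this script's own heuristic, and the trusted list holding the two OpenDNS resolver addresses is an assumption standing in for whatever resolvers your ISP actually publishes.

```python
"""Audit the DNS servers in a router.bat Log1.txt (added example for this
thread, not a BleepingComputer tool; the heuristic below is an assumption)."""
import ipaddress
import re

# Constructed sample, abbreviated from the ipconfig /all and nslookup output posted above.
SAMPLE_LOG = """\
Windows IP Configuration

Host Name . . . . . . . . . . . . : your-4dacd0ea75

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Wireless Network Connection:

Dhcp Enabled. . . . . . . . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.100
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 213.109.64.200
                                    213.109.73.8
                                    1.1.1.1
Lease Obtained. . . . . . . . . . : Sunday, November 06, 2011 7:42:25 PM

DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  213.109.64.200
"""

FIELD_RE = re.compile(r"^\s*(?P<key>[A-Za-z][A-Za-z0-9 \-]*?)(?: ?\.)*\s*:\s*(?P<val>.*)$")  # "Key . . : value"
ADDR_LINE_RE = re.compile(r"^\s*\d{1,3}(?:\.\d{1,3}){3}(?:\s*,\s*\d{1,3}(?:\.\d{1,3}){3})*\s*$")  # IPv4 list only
HEADER_RE = re.compile(r"^\S.*\badapter\b.*:$", re.IGNORECASE)  # "Ethernet adapter X:"
NSLOOKUP_START_RE = re.compile(r"^\s*(?:Server:|DNS request timed out)")  # end of the ipconfig part
TRUSTED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}  # OpenDNS, which the thread suggests; assumed allowlist


def _values(val):
    """Split an address list on commas; keep any other value whole."""
    return [v.strip() for v in val.split(",")] if ADDR_LINE_RE.match(val) else ([val] if val else [])


def parse_ipconfig(text):
    """Return [{'name': adapter, 'fields': {key: [values]}}, ...] for the ipconfig /all part of a log.
    Index 0 holds the global 'Windows IP Configuration' section; parsing stops where nslookup output begins."""
    adapters = [{"name": "Windows IP Configuration", "fields": {}}]
    last_key = None
    for line in text.splitlines():
        line = line.rstrip()
        if NSLOOKUP_START_RE.match(line):
            break
        m = FIELD_RE.match(line)
        if not line:
            last_key = None                      # a blank line ends a multi-line field
        elif HEADER_RE.match(line):
            adapters.append({"name": line[:-1].strip(), "fields": {}})
            last_key = None
        elif m:
            last_key = m.group("key").strip()
            adapters[-1]["fields"].setdefault(last_key, []).extend(_values(m.group("val").strip()))
        elif last_key and ADDR_LINE_RE.match(line):  # continuation (indented or not), e.g. the 2nd DNS server
            adapters[-1]["fields"][last_key].extend(_values(line.strip()))
    return adapters


def audit_dns(adapters, trusted=TRUSTED_RESOLVERS):
    """Return (adapter, server, reason) for every DHCP-assigned DNS server that is public,
    not the default gateway and not on the trusted list, i.e. not what a home router normally hands out."""
    findings = []
    for ad in adapters:
        f = ad["fields"]
        if f.get("Dhcp Enabled") != ["Yes"]:
            continue                             # static or disconnected adapter: not the router's lease
        gateways = set(f.get("Default Gateway", []))
        for server in f.get("DNS Servers", []):
            try:
                ip = ipaddress.ip_address(server)
            except ValueError:
                continue                         # not an address we can classify
            if server in gateways or ip.is_private or ip.is_loopback or server in trusted:
                continue
            findings.append((ad["name"], server, "public DNS server outside the trusted list"))
    return findings


def audit_log(text):
    """Convenience wrapper: parse a Log1.txt and return the findings."""
    return audit_dns(parse_ipconfig(text))


if __name__ == "__main__":
    for adapter, server, reason in audit_log(SAMPLE_LOG):
        print(f"[!] {adapter}: DNS server {server}: {reason}")
```

On a real log, call audit_log(open("Log1.txt").read()). A router that forwards DNS itself (DNS Servers equal to the Default Gateway) produces no finding; one that passes the ISP's own public resolvers straight through will be flagged, which is exactly the case where gringo says to confirm the addresses with the ISP, after which they belong in the trusted set. After the router reset and ipconfig /flushdns above, rerunning router.bat and this check shows whether the lease has gone back to the gateway.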

#7 gringo_pr

Posted 10 November 2011 - 12:03 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#8 gringo_pr

Posted 13 November 2011 - 01:37 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



