
IE Running in Background, Google Redirects


  • This topic is locked
2 replies to this topic

#1 Juicy Raouk

  • Members
  • 2 posts

Posted 04 November 2011 - 06:38 AM

I believe I am having a similar issue to a lot of people here: IE running in the background, Google redirects. I've tried just about everything and this is my last-ditch effort before formatting the hard drive. I ran ComboFix (which doesn't seem to have resolved anything) and here are the results:

ComboFix 11-11-04.01 - Bobby 11/04/2011 6:46.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.357 [GMT -4:00]
Running from: c:\documents and settings\Bobby\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Bobby\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-10-04 to 2011-11-04 )))))))))))))))))))))))))))))))
.
.
2011-11-04 10:30 . 2011-11-04 10:30 53248 ----a-w- c:\windows\system32\drivers\rk_remover.sys
2011-11-04 10:25 . 2011-09-20 07:02 83968 ----a-w- C:\boot_cleaner.exe
2011-11-04 10:07 . 2011-11-04 10:13 -------- d-----w- c:\program files\nLite
2011-11-03 02:46 . 2011-11-03 02:46 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-03 02:46 . 2011-11-03 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-11-02 03:03 . 2011-11-04 01:58 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-11-02 03:03 . 2011-11-04 01:58 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-11-02 03:03 . 2011-11-04 01:58 -------- d-----w- c:\program files\Symantec
2011-11-02 03:03 . 2011-11-04 09:47 -------- d-----w- c:\windows\system32\drivers\N360
2011-11-02 03:03 . 2011-11-02 03:03 -------- d-----w- c:\program files\Norton 360
2011-11-02 03:03 . 2011-11-02 03:03 -------- d-----w- c:\program files\Windows Sidebar
2011-11-02 03:03 . 2011-11-02 03:03 -------- d-----w- c:\program files\NortonInstaller
2011-11-02 03:01 . 2011-11-02 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-10-27 23:59 . 2011-10-27 23:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-27 23:59 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-27 22:04 . 2011-10-27 22:04 -------- d-----w- c:\documents and settings\Administrator
2011-10-27 11:05 . 2011-10-27 11:05 -------- d-----w- c:\documents and settings\Bobby\Application Data\Malwarebytes
2011-10-27 11:05 . 2011-10-27 11:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-14 18:58 . 2011-10-14 18:58 -------- d-----w- C:\Barbie™
2011-10-14 18:57 . 2011-10-14 18:57 -------- d-----w- c:\program files\Common Files\Knowledge Adventure
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 15:41 . 2008-07-29 23:59 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-10 17:51 220160 ------w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-10 17:51 20480 ------w- c:\windows\system32\oleaccrc.dll
2011-09-25 00:11 . 2011-09-25 00:11 404640 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2004-08-10 17:50 599040 ------w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-10 17:51 1858944 ------w- c:\windows\system32\win32k.sys
2011-08-17 21:32 . 2004-08-10 17:51 832512 ------w- c:\windows\system32\wininet.dll
2011-08-17 21:32 . 2010-09-08 01:43 78336 ------w- c:\windows\system32\ieencode.dll
2011-08-17 21:32 . 2004-08-10 17:51 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:32 . 2004-08-10 17:50 17408 ------w- c:\windows\system32\corpol.dll
2011-08-17 13:49 . 2004-08-10 17:50 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22 . 2004-08-10 17:51 389120 ------w- c:\windows\system32\html.iec
2011-09-30 23:29 . 2011-09-09 02:14 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-04_01.11.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-04 09:55 . 2011-11-04 09:55 16384 c:\windows\temp\Perflib_Perfdata_e50.dat
- 2004-08-10 17:51 . 2011-10-14 02:51 72208 c:\windows\system32\perfc009.dat
+ 2004-08-10 17:51 . 2011-11-04 10:12 72208 c:\windows\system32\perfc009.dat
+ 2011-11-04 01:57 . 2011-11-01 01:18 32888 c:\windows\system32\drivers\N360\0600000.075\srtspx.sys
+ 2011-11-04 01:56 . 2011-11-01 01:40 4349 c:\windows\system32\drivers\N360\0600000.075\symvtcer.dat
+ 2004-08-10 17:51 . 2011-11-04 10:12 442942 c:\windows\system32\perfh009.dat
- 2004-08-10 17:51 . 2011-10-14 02:51 442942 c:\windows\system32\perfh009.dat
+ 2011-11-04 01:57 . 2011-10-18 00:55 345208 c:\windows\system32\drivers\N360\0600000.075\symtdiv.sys
+ 2011-11-04 01:57 . 2011-10-18 00:55 387960 c:\windows\system32\drivers\N360\0600000.075\symtdi.sys
+ 2011-11-04 01:57 . 2011-10-18 00:55 317048 c:\windows\system32\drivers\N360\0600000.075\symnets.sys
+ 2011-11-04 01:57 . 2011-10-18 23:54 904824 c:\windows\system32\drivers\N360\0600000.075\symefa.sys
+ 2011-11-04 01:57 . 2011-08-16 05:51 340088 c:\windows\system32\drivers\N360\0600000.075\symds.sys
+ 2011-11-04 01:57 . 2011-11-01 01:18 574584 c:\windows\system32\drivers\N360\0600000.075\srtsp.sys
+ 2011-11-04 01:57 . 2011-10-18 00:50 149624 c:\windows\system32\drivers\N360\0600000.075\ironx86.sys
+ 2011-11-04 01:57 . 2011-09-28 01:20 132744 c:\windows\system32\drivers\N360\0600000.075\ccsetx86.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-03-29 36864]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"nwiz"="nwiz.exe" [2009-05-01 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
c:\documents and settings\Bobby\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WinSCP\\WinSCP.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0600000.075\symds.sys [11/3/2011 9:57 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0600000.075\symefa.sys [11/3/2011 9:57 PM 904824]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.113\Definitions\BASHDefs\20111028.021\BHDrvx86.sys [10/27/2011 10:24 PM 820344]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0600000.075\ccsetx86.sys [11/3/2011 9:57 PM 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0600000.075\ironx86.sys [11/3/2011 9:57 PM 149624]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.0.0.117\ccsvchst.exe [11/3/2011 9:57 PM 138248]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/1/2011 11:04 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.113\Definitions\IPSDefs\20111028.001\IDSXpx86.sys [10/28/2011 7:49 PM 356280]
R3 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [11/4/2011 6:30 AM 53248]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RK_REMOVER-BOOT
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-10-26 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2010-11-17 01:12]

Any help would be greatly appreciated.


#2 Juicy Raouk

  • Topic Starter

  • Members
  • 2 posts

Posted 05 November 2011 - 09:27 PM

Never mind, just went ahead and formatted and reinstalled Windows. Everything is working perfectly now.

#3 Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts

Posted 07 November 2011 - 05:21 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



