
Google Redirect Issues


  • This topic is locked
13 replies to this topic

#1 speckulator

speckulator

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 23 November 2011 - 11:11 PM

A little while back I started having problems with Google results redirecting to sites other than the ones showing on the screen. After the problem showed up I cleared up all update issues and did some searching for solutions and was able to clear things up enough that it appears the Google links are accurate as of now. I am posting these logs to see if I have unresolved issues that I did not resolve as well as other issues that got through the same way the Google problem got in.

I would also like any recommendations as to what unnecessary things we have running, such as tool bars that no one in the house knows how they got there, and what I should do to prevent any further infections. Thanks in Advance

Speckulator



DDS Log

.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Randy at 20:53:29 on 2011-11-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2429.921 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Spyware Doctor *Enabled/Updated* {F008AB3A-52B9-2B13-3681-4ED4FDA86549}
.

============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
A:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe
A:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
A:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.

============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1620
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1620
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1620
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - a:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6261\SiteAdv.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Copernic Agent Results: {6f480f82-c3a6-4d35-96f7-b297ad49fbe8} - a:\program files\copernic agent\CopernicAgentExt.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for gateway\traybar.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Spare Backup] "c:\program files\spare backup\SpareBackup.exe" /silent
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [SiteAdvisor] "c:\program files\siteadvisor\6261\SiteAdv.exe"
mRun: [GrooveMonitor] "a:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\users\randy\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - a:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\market~1.lnk - c:\program files\hewlett-packard\marketsplash by hp\HPLocalWebPrintAgent.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Search Using Copernic Agent - a:\program files\copernic agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - hxxp://w4s2.work4sure.com/c/ge/w4sgeen9.exe
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
DPF: {71D413D7-38C5-4035-8548-976522CF11D5} - hxxp://www.crucial.com/controls/cpcVistaBeta.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{23C811CB-1BC6-46ED-83FF-97A3D1AB1189} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{980C12F5-BBA7-4C10-8E96-DEDC71679FEA} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B226F05D-39B5-4D6E-8928-C7708B5C13A4} : DhcpNameServer = 192.168.0.1
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - a:\progra~1\copern~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - a:\progra~1\copern~1\COPERN~1.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - a:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6261\SiteAdv.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - a:\program files\microsoft office\office12\GrooveShellExtensions.dll
.

============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-10-30 40840]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-25 130936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-10-30 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-10-30 81288]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-10-2 21504]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-8-21 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-10-30 1095560]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 350720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-9-1 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2010-1-18 3200]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.

=============== Created Last 30 ================
.
2011-11-09 21:12:37 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-09 21:12:35 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 21:12:34 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-02 13:31:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-11-02 13:31:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-11-02 13:31:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-11-02 13:31:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-11-02 13:31:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-11-02 13:31:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-11-02 13:31:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.

==================== Find3M ====================
.
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-20 03:21:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 11:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-10-03 04:37:05 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-10-03 04:37:04 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-10-03 04:37:04 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-10-03 04:37:03 98816 ----a-w- c:\windows\system32\mfps.dll
2011-10-03 04:37:03 2873344 ----a-w- c:\windows\system32\mf.dll
2011-10-03 04:37:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-10-03 04:37:02 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-10-03 04:37:01 586240 ----a-w- c:\windows\system32\stobject.dll
2011-10-03 04:33:53 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2011-10-03 04:33:52 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-10-03 04:33:52 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-10-03 04:33:52 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-10-03 04:33:51 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-10-03 04:33:50 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-10-03 04:33:50 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-10-03 04:33:50 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-10-03 02:40:22 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-10-03 02:40:16 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 04:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 04:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
.
============= FINISH: 20:55:34.56 ===============

GMER Log to Follow
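Added illustration, not part of the original post and not a component of DDS: a small Python helper that applies the checks a malware-response reviewer runs over the "Pseudo HJT Report" section when a search-redirect complaint like the one above comes in. It pulls that section out of a DDS log and flags the things a redirect hijack usually touches: a DhcpNameServer outside the RFC 1918 ranges (the footprint of a DNS-changer), explicit proxy settings, AppInit_DLLs, browser helper objects with no display name, and the hosts ActiveX (DPF) controls were fetched from. The sample input is constructed from lines of the log above plus one invented interface entry whose DNS server (203.0.113.5, a documentation address) is not on the LAN; every function name here is hypothetical.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for redirect-style hijacks.

Hypothetical helper written for this thread; not part of DDS or any forum tool.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: lines copied from the log above plus one invented interface
# ({0000...}) whose DNS server 203.0.113.5 is not on the LAN, the pattern a
# DNS-changer infection leaves behind.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [<NO NAME>]
DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - hxxp://w4s2.work4sure.com/c/ge/w4sgeen9.exe
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{23C811CB-1BC6-46ED-83FF-97A3D1AB1189} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{00000000-0000-0000-0000-000000000000} : DhcpNameServer = 203.0.113.5
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
"""

# Address ranges a home LAN's DHCP-assigned resolver is expected to live in.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
DNS_RE = re.compile(r"DhcpNameServer\s*=\s*(.+)$")
URL_HOST_RE = re.compile(r"h(?:xx|tt)ps?://([^/\s]+)")   # DDS defangs http as hxxp


@dataclass
class Finding:
    severity: str   # high / medium / low / info
    line: str
    reason: str


def hjt_section(log_text: str) -> List[str]:
    """Return the non-empty lines between the Pseudo HJT header and the next section header."""
    out, inside = [], False
    for raw in log_text.splitlines():
        s = raw.strip()
        if s.startswith("=") and "Pseudo HJT Report" in s:
            inside = True
            continue
        if inside and s.startswith("===="):
            break
        if inside and s and s != ".":
            out.append(s)
    return out


def on_lan(ip: ipaddress._BaseAddress) -> bool:
    return any(ip in net for net in LAN_NETS)


def triage(lines: List[str]) -> List[Finding]:
    """Apply the redirect-hijack checks to the lines of one section."""
    findings: List[Finding] = []
    for s in lines:
        m = DNS_RE.search(s)
        if m:
            # A line may list several resolvers separated by spaces.
            for token in m.group(1).split():
                try:
                    ip = ipaddress.ip_address(token)
                except ValueError:
                    continue
                if not on_lan(ip):
                    findings.append(Finding("high", s,
                        f"DNS server {ip} is not on a private network; possible DNS hijack"))
            continue
        if "ProxyServer" in s:
            findings.append(Finding("high", s, "explicit proxy configured; confirm the user set it"))
        elif "ProxyOverride" in s:
            findings.append(Finding("info", s, "proxy bypass list present; check for a ProxyServer entry"))
        elif s.startswith("AppInit_DLLs"):
            findings.append(Finding("medium", s,
                "AppInit_DLLs loads into every user32 process; verify the DLL's publisher"))
        elif s.startswith("BHO: {"):
            findings.append(Finding("medium", s, "BHO with no display name; verify the DLL"))
        elif s.startswith("DPF:"):
            h = URL_HOST_RE.search(s)
            findings.append(Finding("info", s,
                f"ActiveX control downloaded from {h.group(1) if h else 'unknown host'}"))
        elif s.startswith(("uRun:", "mRun:")) and "[<NO NAME>]" in s:
            findings.append(Finding("low", s, "empty Run value; harmless, can be removed"))
    return findings


def counts(findings: List[Finding]) -> Dict[str, int]:
    """Number of findings per severity, with every severity present in the result."""
    c = {"high": 0, "medium": 0, "low": 0, "info": 0}
    for f in findings:
        c[f.severity] += 1
    return c


if __name__ == "__main__":
    for f in triage(hjt_section(SAMPLE_LOG)):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run against the constructed sample it reports one high finding (the invented 203.0.113.5 resolver) and passes the 192.168.0.1 entries from the real log silently, which matches the reviewer's "nothing suspicious" verdict further down the thread. The LAN check deliberately uses an explicit RFC 1918 list rather than `ipaddress.is_private`, because Python also treats documentation and other IANA special-purpose ranges as private, which would hide exactly the kind of address a rogue resolver might use.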





#2 speckulator

speckulator
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 23 November 2011 - 11:43 PM

I was unable to paste the GMER log. It may have something to do with it being 60 pages long. I am attaching the DDS attach file here. I was also unsuccessful in attaching the GMER log. If there is any other way to get it to you such as email just let me know and I will get it to you.

Attached File: Attach 11 22 2011 8 53 pm.txt (12.41KB)


Thanks

Speck

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,732 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:38 PM

Posted 28 November 2011 - 11:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/429121 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:38 PM

Posted 29 November 2011 - 10:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Nothing suspicious was found on your log.

I would also like any recommendations as to what unnecessary things we have running, such as tool bars that no one in the house knows how they got there.

Please let me know which tool bars you wish to remove.
===


Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers, and all other programs working. Make sure you save your file if working on a document.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

===

Third party programs, if not up to date, can be the cause of the infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#5 speckulator

speckulator
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 03 December 2011 - 12:24 AM

Hello Nasdaq and thank you for your time. I am happy to hear that there are no residual effects from removing the Google redirect virus. I had just read a few threads dealing with it and tried some of the recommended fixes till it stopped redirecting the links. I guess that proves even a blind squirrel can find a nut if he looks around a little bit.

I am having trouble with combofix the first time I ran it, it completed stage 50, then deleted a readiris 12 file then hung up trying to delete an autorun file from an HP install cd I left in the drive. I removed the disk and ran it again and it just hangs after completing the 50 stages. The log to follow.

The ping tool bar is the one I want to get rid of.

I also have a Google toolbar running that the only thing we use from it is the spell checker, would you know of a better solution to spell checking in Explorer than running that tool bar?

I also have something new popping up on the bottom called google related. Just click the x to turn it off or something better to get rid of it?

I want to get rid of AVG PC Tuneup, it wants me to buy it and I want it not to run if it isn't doing anything. How do I get to the startup list to turn things off?


Thanks and let me know if you have any ideas on getting ComboFix working. You guys are saints.
Speck


PS: I will be quite busy over the weekend, please don't close the thread if you don't hear from me till monday or tuesday.




Results of screen317's Security Check version 0.99.28
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
AVG PC Tuneup 2011
AVG 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spyware Doctor 6.0
McAfee SiteAdvisor
AVG PC Tuneup 2011
Java™ SE Runtime Environment 6 Update 1
Adobe Reader 8 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

#6 speckulator

speckulator
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 03 December 2011 - 08:15 AM

"The log to follow." should read the Security Check Log to follow.

Thanks

Speckulator


#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:38 PM

Posted 03 December 2011 - 08:52 AM

The ping tool bar is the one I want to get rid of.

Try this.
http://www.troublefixers.com/disable-remove-or-delete-bing-bar-toolbar-in-internet-explorer-firefox/


I also have a Google toolbar running that the only thing we use from it is the spell checker, would you know of a better solution to spell checking in Explorer than running that tool bar?


Try this plugin if not using it:
ieSpell - A Spell Checker for Internet Explorer
http://www.iespell.com/
<<<>>>

I also have something new popping up on the bottom called google related. Just click the x to turn it off or something better to get rid of it?

If you right click on the icon what information can you get for me?


I want to get rid of AVG PCtuneup, it wants me to buy it and I want it not run if it isn't doing anything. how do I get to the startup list to turn things off?


1. Go to “Start” and search for Control Panel.
2. Locate “Add or Remove Programs” or “Programs and Features” under “Uninstall a Program”.
3. Scroll down the list and highlight AVG PC Tuneup.
4. Click on “Change/Repair” to bring up the uninstall window of AVG PC Tuneup.
5. Restart computer once the uninstall is completed.

If that fails to work.

Download and run this Revo Uninstaller.
Revo Uninstaller
Instructions on the page.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ SE Runtime Environment 6 Update 1

===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Other than not being able to run ComboFix to completion what are the issues with this computer?

#8 speckulator

speckulator
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 03 December 2011 - 08:53 AM

I finally got a log from ComboFix

Thanks



ComboFix 11-12-03.01 - user 12/03/2011 7:20.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2429.1448 [GMT -6:00]
Running from: f:\downloads\Combofix\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Spyware Doctor *Disabled/Updated* {F008AB3A-52B9-2B13-3681-4ED4FDA86549}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-03 to 2011-12-03 )))))))))))))))))))))))))))))))
.
.
2011-12-03 13:32 . 2011-12-03 13:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-03 13:32 . 2011-12-03 13:32 -------- d-----w- c:\users\Barbie\AppData\Local\temp
2011-11-09 21:12 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 21:12 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 21:12 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-20 03:21 . 2011-09-30 21:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 11:23 . 2011-10-07 11:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21 . 2011-10-04 11:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-10-03 04:38 . 2011-10-03 04:38 161792 ----a-w- c:\windows\system32\msls31.dll
2011-10-03 04:38 . 2011-10-03 04:38 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-03 04:38 . 2011-10-03 04:38 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-03 04:38 . 2011-10-03 04:38 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-03 04:38 . 2011-10-03 04:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-03 04:38 . 2011-10-03 04:38 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-10-03 04:38 . 2011-10-03 04:38 367104 ----a-w- c:\windows\system32\html.iec
2011-10-03 04:38 . 2011-10-03 04:38 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-10-03 04:38 . 2011-10-03 04:38 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-03 04:38 . 2011-10-03 04:38 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-03 04:38 . 2011-10-03 04:38 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-10-03 04:38 . 2011-10-03 04:38 152064 ----a-w- c:\windows\system32\wextract.exe
2011-10-03 04:38 . 2011-10-03 04:38 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-10-03 04:38 . 2011-10-03 04:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-03 04:38 . 2011-10-03 04:38 11776 ----a-w- c:\windows\system32\mshta.exe
2011-10-03 04:38 . 2011-10-03 04:38 101888 ----a-w- c:\windows\system32\admparse.dll
2011-10-03 04:38 . 2011-10-03 04:38 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-10-03 04:38 . 2011-10-03 04:38 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-03 04:37 . 2011-10-03 04:37 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-10-03 04:37 . 2011-10-03 04:37 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-10-03 04:37 . 2011-10-03 04:37 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-10-03 04:37 . 2011-10-03 04:37 98816 ----a-w- c:\windows\system32\mfps.dll
2011-10-03 04:37 . 2011-10-03 04:37 2873344 ----a-w- c:\windows\system32\mf.dll
2011-10-03 04:37 . 2011-10-03 04:37 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-10-03 04:37 . 2011-10-03 04:37 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-10-03 04:37 . 2011-10-03 04:37 586240 ----a-w- c:\windows\system32\stobject.dll
2011-10-03 04:36 . 2011-10-03 04:36 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-10-03 04:36 . 2011-10-03 04:36 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-10-03 04:36 . 2011-10-03 04:36 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-10-03 04:36 . 2011-10-03 04:36 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-10-03 04:36 . 2011-10-03 04:36 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-10-03 04:36 . 2011-10-03 04:36 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-10-03 04:36 . 2011-10-03 04:36 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-10-03 04:36 . 2011-10-03 04:36 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-10-03 04:36 . 2011-10-03 04:36 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-10-03 04:36 . 2011-10-03 04:36 37376 ----a-w- c:\windows\system32\cdd.dll
2011-10-03 04:36 . 2011-10-03 04:36 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-10-03 04:36 . 2011-10-03 04:36 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-10-03 04:36 . 2011-10-03 04:36 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-10-03 04:36 . 2011-10-03 04:36 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-10-03 04:36 . 2011-10-03 04:36 258048 ----a-w- c:\windows\system32\winspool.drv
2011-10-03 04:36 . 2011-10-03 04:36 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-10-03 04:33 . 2011-10-03 04:33 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-10-03 04:33 . 2011-10-03 04:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-10-03 04:33 . 2011-10-03 04:33 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-10-03 04:33 . 2011-10-03 04:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-10-03 04:33 . 2011-10-03 04:33 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-10-03 04:33 . 2011-10-03 04:33 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-10-03 04:33 . 2011-10-03 04:33 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-10-03 04:33 . 2011-10-03 04:33 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-10-03 02:40 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-10-03 02:40 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:30 . 2011-10-13 21:08 2043392 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-21 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-06-29 638976]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-06 30192]
"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-07-13 5252936]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]
"SiteAdvisor"="c:\program files\SiteAdvisor\6261\SiteAdv.exe" [2007-02-09 36904]
"GrooveMonitor"="a:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"SigmatelSysTrayApp"="sttray.exe" [2007-07-27 405504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - a:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Marketsplash Print Software.lnk - c:\program files\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe [2010-10-11 93752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-06 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 3200]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-03 130936]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 350720]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-01 08:00]
.
2011-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 17:27]
.
2011-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 17:27]
.
2011-11-19 c:\windows\Tasks\hpwebreg_CN15HCM22S.job
- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe [2010-11-17 02:16]
.
2011-12-03 c:\windows\Tasks\hpwebreg_CN16BDM0G1.job
- c:\program files\HP\HP Officejet Pro 8500 A910\Bin\hpwebreg.exe [2010-11-17 02:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-1620
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Search Using Copernic Agent - a:\program files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
TCP: DhcpNameServer = 192.168.0.1
DPF: {71D413D7-38C5-4035-8548-976522CF11D5} - hxxp://www.crucial.com/controls/cpcVistaBeta.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PCFriendly - f:\tarzan dvd\DeIsL1.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-03 07:38
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:38 PM

Posted 03 December 2011 - 09:09 AM

The ComboFix log is clean.

Have a look at my previous post.

Let me know what problem persists.

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:38 PM

Posted 08 December 2011 - 02:09 PM

Are you still with me?

#11 speckulator

speckulator
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 08 December 2011 - 02:54 PM

Yes, sorry for the delay, I will try to get back with you when I get home tonight. If not it may be tomorrow. Thanks for your patience as this is a very busy time of the year for me. I want to get it ASAP before something else goes wrong.

#12 speckulator

speckulator
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:07:38 PM

Posted 10 December 2011 - 01:02 AM

Hi Nasdaq,

I went over the list and updated everything you pointed out. The only thing unexpected was adobe reader also installed google chrome. Should I just leave it or uninstall it?

The two problems I was still having were:

1. We were no longer able to open the inbox in Hotmail. Just tonight I started putting https: instead of http: when going to Hotmail and it works. If you don't see a malware issue to indicate another problem I guess just keep using https? Let me know what you think.

2. The touch pad, or whatever you call it instead of a mouse on a laptop, would jump around like crazy. I started using a cordless mouse a while back and it worked just fine. I recently created a second user profile just to make backing up to smart phones easier and I noticed the touch pad works just fine on the second profile. Does this mean maybe it is only a corrupted driver or some kind of conflict instead of a hardware problem? Any thoughts on fixing it are welcome.

Someone told me today that AVG antivirus is widely reported as problematic and I should get rid of it for MS essentials. This came from a guy that is always asking me to fix his problems. I'd much rather follow the advice from you guys. Please direct me to the proper strategy for protecting my computers when I finish with this process.



Thanks Again

Speckulator


#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:38 PM

Posted 10 December 2011 - 10:38 AM

I went over the list and updated everything you pointed out. The only thing unexpected was adobe reader also installed google chrome. Should I just leave it or uninstall it?

It's a good application. Secure.
Try it, and if you do not want to keep it you can remove it using the Add/Remove Programs list.
===

1. We were no longer able to open the inbox in hotmail.

HTTPS is secured, so you should be good.
===

2. The touch pad or whatever you call it instead of a mouse on a laptop would jump around like crazy.
This is how you would disable it.
http://www.ehow.com/how_6066529_fix-touchpad-not-working-laptop.html
Maybe disabling it and re-enabling it will cause the Registry to reset.
===

This is an interesting article. It may help. Look at your mouse settings.
http://www.computeractive.co.uk/ca/pc-help/2119490/text-cursor-jump-documents

You may want to Google this string for more information: "why does my touchpad jump around".
===

Someone told me today that AVG antivirus is widely reported as problematic and I should get rid of it for MS essentials

Very subjective from individual to individual. AVG is good, as is MS Essentials. The most important thing, as with any other virus protection program, is that they must be kept up to date.
If you want to try MS Essentials, make sure you disable AVG, as you cannot run both in real life.
===

If all is well.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:38 PM

Posted 15 December 2011 - 11:30 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.