redirecting on Google


Re: redirecting on Google

Post by wallawalla3 on 22nd June 2010, 12:32 am

But I didn't even finish.

wallawalla3
Novice
Posts: 39
Joined: 2010-06-17
Gender: Female
OS: windows vista
Points: 24204
Likes: 0


Re: redirecting on Google

Post by wallawalla3 on 22nd June 2010, 12:34 am

Oh well, never mind, because my search engine is fine now.

Re: redirecting on Google

Post by wallawalla3 on 22nd June 2010, 12:35 am

You can close this post.

Re: redirecting on Google

Post by Crush on 22nd June 2010, 12:40 am

wallawalla,

You've got some signs of infection in your OTL log. Not to mention a ton of junk in your Recycle Bin. If you choose to go through the rest of the malware removal I can guarantee you will be clean.

All may seem well on the surface, but things could be hiding deeper within. If you choose to call it a day, however, and have the topic closed, that is your prerogative and I certainly won't stop you.

Crush
Master
Posts: 3889
Joined: 2010-01-27
Gender: Male
Points: 42138
Likes: 0

Re: redirecting on Google

Post by wallawalla3 on 22nd June 2010, 12:41 am

Well, never mind, I'm just confused.

Re: redirecting on Google

Post by Crush on 22nd June 2010, 12:42 am

Do you wish to continue or shall I close this?

Re: redirecting on Google

Post by wallawalla3 on 22nd June 2010, 1:16 am

I wish to continue. The TFC cleaner thing stops working in the middle of the process.

Re: redirecting on Google

Post by Crush on 22nd June 2010, 7:36 am

OK. Move on to ComboFix, please.

Re: redirecting on Google

Post by wallawalla3 on 22nd June 2010, 5:29 pm

I looked at the list, but I still don't know how to disable the Avast program and Malwarebytes.

Re: redirecting on Google

Post by Crush on 22nd June 2010, 5:35 pm

You'll be fine running them with it active. It's just a precaution so ComboFix is not blocked from running.

Re: redirecting on Google

Post by wallawalla3 on 22nd June 2010, 6:15 pm

OK, I did it, but it said nothing about any Windows Recovery Console. It gave me a choice to update it and I did. There was no place to copy and paste the link. But here's the log.

ComboFix 10-06-22.01 - Louis 06/22/2010 12:51:09.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.873 [GMT -5:00]
Running from: c:\users\Louis\Downloads\commy.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Louis\AppData\Roaming\6600194D7BC5EA6A896BC37D8205F2DA
c:\users\Louis\AppData\Roaming\6600194D7BC5EA6A896BC37D8205F2DA\enemies-names.txt
c:\users\Louis\AppData\Roaming\6600194D7BC5EA6A896BC37D8205F2DA\local.ini
c:\users\Louis\AppData\Roaming\6600194D7BC5EA6A896BC37D8205F2DA\setupupdater0000.exe.vir
c:\users\Louis\AppData\Roaming\Desktopicon

Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-05-22 to 2010-06-22 )))))))))))))))))))))))))))))))
.

2010-06-22 18:04 . 2010-06-22 18:04 -------- d-----w- c:\users\Louis\AppData\Local\temp
2010-06-22 18:04 . 2010-06-22 18:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-20 08:25 . 2010-06-20 08:26 -------- d-----w- c:\windows\system32\ca-ES
2010-06-20 08:25 . 2010-06-20 08:25 -------- d-----w- c:\windows\system32\eu-ES
2010-06-20 08:25 . 2010-06-20 08:25 -------- d-----w- c:\windows\system32\vi-VN
2010-06-20 06:56 . 2010-06-20 06:56 -------- d-----w- c:\windows\system32\EventProviders
2010-06-18 17:24 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-18 17:24 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-18 17:24 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-18 17:24 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-18 17:24 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-18 17:23 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-18 17:23 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-18 17:23 . 2010-06-18 17:23 -------- d-----w- c:\programdata\Alwil Software
2010-06-18 17:23 . 2010-06-18 17:23 -------- d-----w- c:\program files\Alwil Software
2010-06-15 21:06 . 2010-06-17 18:13 -------- d-----w- c:\programdata\Update
2010-06-15 03:18 . 2010-06-15 03:18 -------- d-----w- c:\programdata\C__Program Files_WebcamMax_WebcamMax.exe
2010-06-15 03:18 . 2010-06-15 03:18 -------- d-----w- c:\users\Louis\AppData\Roaming\C__Program Files_WebcamMax_WebcamMax.exe
2010-06-15 03:10 . 2010-06-15 03:10 -------- d-----w- c:\users\Louis\AppData\Roaming\WebcamMax
2010-06-12 01:53 . 2010-06-12 01:53 50354 ----a-w- c:\users\Louis\AppData\Roaming\Facebook\uninstall.exe
2010-06-12 01:53 . 2010-06-12 01:53 -------- d-----w- c:\users\Louis\AppData\Roaming\Facebook
2010-06-11 19:17 . 2010-05-19 19:00 501872 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbE3BE.tmp.exe
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\users\Louis\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-06-08 23:11 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-08 23:11 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-08 23:11 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-08 23:01 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-02 21:25 . 2010-06-02 21:25 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-06-02 21:25 . 2010-06-02 21:25 29512 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-05-26 07:39 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 18:04 . 2009-12-23 15:53 -------- d-----w- c:\program files\Common Files\Akamai
2010-06-20 08:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-06-20 08:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-20 08:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-06-20 08:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-06-20 08:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-06-20 08:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-06-20 08:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-06-20 08:25 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-19 08:08 . 2009-03-19 04:12 -------- d-----w- c:\programdata\Norton
2010-06-18 18:13 . 2008-02-24 01:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-18 18:11 . 2009-07-16 21:12 -------- d-----w- c:\program files\Apple Software Update
2010-06-18 17:26 . 2008-02-24 00:48 -------- d-----w- c:\program files\Google
2010-06-18 16:09 . 2010-01-01 05:33 -------- d-----w- c:\users\Louis\AppData\Roaming\AVS4YOU
2010-06-18 15:59 . 2010-02-06 19:19 -------- d-----w- c:\programdata\avg9
2010-06-17 17:03 . 2010-02-06 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 08:42 . 2010-04-17 23:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-09 08:22 . 2008-05-14 07:39 -------- d-----w- c:\programdata\Microsoft Help
2010-05-25 13:20 . 2008-09-11 23:07 7268 ----a-w- c:\users\Louis\AppData\Local\d3d9caps.dat
2010-05-04 05:59 . 2010-06-08 23:10 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-08 23:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-08 23:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-08 23:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-29 20:39 . 2010-02-06 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-02-06 21:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-13 03:21 . 2008-10-07 01:53 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-06-13 14:20 . 2008-06-13 14:20 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2008-06-13 14:20 . 2008-06-13 14:20 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w- c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 22:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-10 4702208]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"NDSTray.exe"="NDSTray.exe" [BU]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-13 30192]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

c:\users\Louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3a,4d,1e,72,53,10,cb,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-13 30192]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2007-10-30 937984]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-19 9216]
S1 aswSP;aswSP; [x]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2007-09-01 20352]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 02:46]

2010-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 02:46]

2010-06-22 c:\windows\Tasks\User_Feed_Synchronization-{191C15FE-9150-4DC0-B801-DC69CF87F35E}.job
- c:\windows\system32\msfeedssync.exe [2010-06-08 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\i8aclo2b.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - iMesh Web Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Louis\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\Louis\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\Louis\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{474597C5-AB09-49d6-A4D5-2E8D7341384E} - c:\program files\iMesh Applications\MediaBar\DataMngr\IEBHO.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-22 13:04
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-06-22 13:09:28
ComboFix-quarantined-files.txt 2010-06-22 18:09

Pre-Run: 109,478,957,056 bytes free
Post-Run: 109,434,392,576 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - E993FA9C84AF9D8918AA447EA5B9B8C1


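The log above holds the items a responder would pull out before deciding what to clean: a user-level proxy at 127.0.0.1:5555 (every HTTP request the browser makes goes through a process on the same machine first, which is how search results get rewritten), a non-empty AppInit_DLLs value, two hidden system/read-only files of 13 and 4 bytes under \drivers, and the aswSP and aswFsBlk services whose binary is missing ([x]). The script below is an added example, not part of the thread and not ComboFix's code: it parses those four line formats out of a constructed excerpt that mirrors the log's formatting and returns the findings. The 1024-byte threshold for "too small to be a driver" is my own cut-off, and the tiny hidden .sys files are reported for review only, since files like that are sometimes licence or DRM markers left by other software; the flag is a prompt to check, not a verdict.

```python
"""Triage of ComboFix-style log lines (added example; not the thread's or ComboFix's code)."""
import ipaddress
import re
from dataclasses import dataclass

# Line formats copied from the log above; the content is a constructed excerpt.
SAMPLE_LOG = r"""
2008-06-13 14:20 . 2008-06-13 14:20 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2008-06-13 14:20 . 2008-06-13 14:20 4 --sh--r- c:\windows\System32\drivers\taishop.sys
2010-04-29 20:39 . 2010-02-06 21:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
S1 aswSP;aswSP; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
"""

FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
PROXY_LINE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<value>.*)$")
APPINIT_LINE = re.compile(r'^"AppInit_DLLs"\s*=\s*(?P<value>.*)$')
SERVICE_LINE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<rest>.*)$")
TINY_DRIVER_BYTES = 1024  # my threshold, not a ComboFix rule


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def _is_loopback(host: str) -> bool:
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def _proxy_endpoints(value: str):
    """Yield (host, port) from 'http=127.0.0.1:5555;https=...' or a plain 'host:port'."""
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        target = part.split("=", 1)[1] if "=" in part else part
        host, _, port = target.rpartition(":")
        if not host:          # no port given
            host, port = target, ""
        yield host, port


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := PROXY_LINE.match(line):
            # A proxy on the loopback interface means a local process sits in front of the browser.
            for host, port in _proxy_endpoints(m["value"]):
                if _is_loopback(host):
                    findings.append(Finding("loopback_proxy", f"{host}:{port}"))
        elif (m := APPINIT_LINE.match(line)) and m["value"].strip():
            # AppInit_DLLs is loaded into every process that loads user32.dll.
            findings.append(Finding("appinit_dll", m["value"].strip()))
        elif (m := SERVICE_LINE.match(line)) and m["rest"].rstrip().endswith("[x]"):
            # ComboFix prints [x] when the service's binary is not on disk.
            findings.append(Finding("missing_service_binary", m["name"]))
        elif m := FILE_LINE.match(line):
            size, attrs, path = m["size"], m["attrs"], m["path"]
            if ("h" in attrs and "s" in attrs and "\\drivers\\" in path.lower()
                    and size.isdigit() and int(size) < TINY_DRIVER_BYTES):
                # Hidden + system and far too small to be a driver: worth a look, not a verdict.
                findings.append(Finding("hidden_tiny_driver", f"{path} ({size} bytes)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.detail}")
```

Run it over a saved ComboFix.txt and the loopback_proxy line is the one that explains the symptom in this thread; the other three kinds are what you read next to decide whether the machine is merely cluttered or actually infected.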
Re: redirecting on Google

Post by Crush on 22nd June 2010, 7:08 pm

No Anti-Virus

I don't see an anti-virus program present on your system! This could have some serious ramifications including completely opening up your system to infection. You should pick ONE of the following and install it.

Note: Never install more than 1 anti-virus or firewall.


=========

You aren't running Anti Virus Software

Anti-virus software is a program that detects, cleanses, and erases harmful virus files on a computer, web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software (for personal use) from one of these excellent vendors NOW:

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.
2) [You must be registered and logged in to see this link.]
-Anti-virus program for Windows.
-The home edition is freeware for noncommercial users.
3) [You must be registered and logged in to see this link.]
- Free edition of the AVG anti-virus program for Windows.
- Available for single computer use for home and non commercial use.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.
======

Re-running ComboFix to remove infections:
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the Code box below into it:

Code:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =

Driver::
aswSP
aswFsBlk

  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Referring to the picture above, drag CFScript into ComboFix.exe
    When finished, it shall produce a log for you at C:\ComboFix.txt
    Please post the contents of the log in your next reply.


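To make concrete what the CFScript above asks ComboFix to change, here is an added example (mine, not ComboFix's code; the tool's internals are not published) that parses the two sections and applies the intended changes to a simulated registry built as a dict. The mapping is my reading of the script: each `uInternet Settings,...` line under `DDS::` clears that value under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, and each name under `Driver::` removes that service key under HKLM\SYSTEM\CurrentControlSet\Services. Setting ProxyEnable to 0 once ProxyServer is gone is my own addition, so the "use a proxy" flag does not outlive the server it pointed at. The registry contents are constructed from what the log shows (the loopback proxy and the two Avast entries marked [x]), with the intact aswMonFlt entry kept as a control that must survive.

```python
"""What the CFScript asks for, modelled against a simulated registry (added example)."""
import copy

# The script from the post above, verbatim.
CFSCRIPT = """\
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =

Driver::
aswSP
aswFsBlk
"""

HKCU_INET = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
SERVICES = r"HKLM\SYSTEM\CurrentControlSet\Services"

# Constructed from what the log shows: a loopback proxy and two Avast service
# entries whose drivers are missing ([x]); aswMonFlt is intact and must survive.
INFECTED_REGISTRY = {
    HKCU_INET: {"ProxyEnable": 1, "ProxyServer": "http=127.0.0.1:5555", "ProxyOverride": ""},
    SERVICES + r"\aswSP": {"ImagePath": r"system32\drivers\aswSP.sys"},
    SERVICES + r"\aswFsBlk": {"ImagePath": r"system32\drivers\aswFsBlk.sys"},
    SERVICES + r"\aswMonFlt": {"ImagePath": r"system32\drivers\aswMonFlt.sys"},
}


def parse_cfscript(text: str) -> dict[str, list[str]]:
    """Split a CFScript into {section: [lines]}; a section header is 'Name::'."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def plan(sections: dict[str, list[str]]) -> list[tuple]:
    """Turn the parsed script into registry actions (assumed semantics, see lead-in)."""
    actions: list[tuple] = []
    prefix = "uInternet Settings,"
    for entry in sections.get("DDS", []):
        if entry.startswith(prefix):
            name = entry[len(prefix):].split("=", 1)[0].strip()
            actions.append(("delete_value", HKCU_INET, name))
            if name == "ProxyServer":
                # My addition: do not leave the 'use a proxy' flag set with no server behind it.
                actions.append(("set_value", HKCU_INET, "ProxyEnable", 0))
    for svc in sections.get("Driver", []):
        actions.append(("delete_key", SERVICES + "\\" + svc))
    return actions


def apply_plan(actions: list[tuple], registry: dict) -> list[tuple]:
    """Apply actions to {key path: {value name: data}}; return the ones that changed something."""
    done = []
    for action in actions:
        op = action[0]
        if op == "delete_value" and action[2] in registry.get(action[1], {}):
            del registry[action[1]][action[2]]
            done.append(action)
        elif op == "set_value":
            registry.setdefault(action[1], {})[action[2]] = action[3]
            done.append(action)
        elif op == "delete_key" and action[1] in registry:
            del registry[action[1]]
            done.append(action)
    return done


def remediate(script_text: str, registry: dict) -> tuple[dict, list[tuple]]:
    """Run the script against a copy of the registry; the input is left untouched."""
    reg = copy.deepcopy(registry)
    done = apply_plan(plan(parse_cfscript(script_text)), reg)
    return reg, done


if __name__ == "__main__":
    cleaned, done = remediate(CFSCRIPT, INFECTED_REGISTRY)
    for action in done:
        print(action)
```

On a real Windows machine the dict would be replaced by winreg.DeleteValue and winreg.DeleteKey calls on the same paths; keep the separate plan step so the list of actions can be read before any of them is applied, and keep a control entry like aswMonFlt in any test data so a too-broad match shows up as a failed assertion rather than a deleted driver.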
Re: redirecting on Google

Post by wallawalla3 on 22nd June 2010, 7:11 pm

Um, I have Avast....

Re: redirecting on Google

Post by Crush on 22nd June 2010, 7:28 pm

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.873 [GMT -5:00]
Running from: c:\users\Louis\Downloads\commy.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

Not according to the log. Is it properly installed and currently running? You have evidence of both AVG and Avast in the log.

Have you completed the rest of the steps?

Re: redirecting on Google

Post by wallawalla3 on 22nd June 2010, 8:41 pm

ComboFix 10-06-22.02 - Louis 06/22/2010 15:27:39.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.808 [GMT -5:00]
Running from: c:\users\Louis\Desktop\commy.exe
Command switches used :: c:\users\Louis\Desktop\CFscript.txt.lnk
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-05-22 to 2010-06-22 )))))))))))))))))))))))))))))))
.

2010-06-22 20:33 . 2010-06-22 20:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-22 20:33 . 2010-06-22 20:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-22 18:09 . 2010-06-22 20:33 -------- d-----w- c:\users\Louis\AppData\Local\temp
2010-06-20 08:25 . 2010-06-20 08:26 -------- d-----w- c:\windows\system32\ca-ES
2010-06-20 08:25 . 2010-06-20 08:25 -------- d-----w- c:\windows\system32\eu-ES
2010-06-20 08:25 . 2010-06-20 08:25 -------- d-----w- c:\windows\system32\vi-VN
2010-06-20 06:56 . 2010-06-20 06:56 -------- d-----w- c:\windows\system32\EventProviders
2010-06-18 17:24 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-18 17:24 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-18 17:24 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-18 17:24 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-18 17:24 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-18 17:23 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-18 17:23 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-18 17:23 . 2010-06-18 17:23 -------- d-----w- c:\programdata\Alwil Software
2010-06-18 17:23 . 2010-06-18 17:23 -------- d-----w- c:\program files\Alwil Software
2010-06-15 21:06 . 2010-06-17 18:13 -------- d-----w- c:\programdata\Update
2010-06-15 03:18 . 2010-06-15 03:18 -------- d-----w- c:\programdata\C__Program Files_WebcamMax_WebcamMax.exe
2010-06-15 03:18 . 2010-06-15 03:18 -------- d-----w- c:\users\Louis\AppData\Roaming\C__Program Files_WebcamMax_WebcamMax.exe
2010-06-15 03:10 . 2010-06-15 03:10 -------- d-----w- c:\users\Louis\AppData\Roaming\WebcamMax
2010-06-12 01:53 . 2010-06-12 01:53 50354 ----a-w- c:\users\Louis\AppData\Roaming\Facebook\uninstall.exe
2010-06-12 01:53 . 2010-06-12 01:53 -------- d-----w- c:\users\Louis\AppData\Roaming\Facebook
2010-06-11 19:17 . 2010-05-19 19:00 501872 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbE3BE.tmp.exe
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\users\Louis\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-06-08 23:11 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-08 23:11 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-08 23:11 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-08 23:01 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-02 21:25 . 2010-06-02 21:25 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-06-02 21:25 . 2010-06-02 21:25 29512 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-05-26 07:39 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 20:34 . 2009-12-23 15:53 -------- d-----w- c:\program files\Common Files\Akamai
2010-06-20 08:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-06-20 08:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-20 08:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-06-20 08:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-06-20 08:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-06-20 08:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-06-20 08:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-06-20 08:25 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-19 08:08 . 2009-03-19 04:12 -------- d-----w- c:\programdata\Norton
2010-06-18 18:13 . 2008-02-24 01:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-18 18:11 . 2009-07-16 21:12 -------- d-----w- c:\program files\Apple Software Update
2010-06-18 17:26 . 2008-02-24 00:48 -------- d-----w- c:\program files\Google
2010-06-18 16:09 . 2010-01-01 05:33 -------- d-----w- c:\users\Louis\AppData\Roaming\AVS4YOU
2010-06-18 15:59 . 2010-02-06 19:19 -------- d-----w- c:\programdata\avg9
2010-06-17 17:03 . 2010-02-06 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 08:42 . 2010-04-17 23:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-09 08:22 . 2008-05-14 07:39 -------- d-----w- c:\programdata\Microsoft Help
2010-05-25 13:20 . 2008-09-11 23:07 7268 ----a-w- c:\users\Louis\AppData\Local\d3d9caps.dat
2010-05-04 05:59 . 2010-06-08 23:10 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-08 23:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-08 23:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-08 23:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-29 20:39 . 2010-02-06 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-02-06 21:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-13 03:21 . 2008-10-07 01:53 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-06-13 14:20 . 2008-06-13 14:20 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2008-06-13 14:20 . 2008-06-13 14:20 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w- c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 22:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-10 4702208]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"NDSTray.exe"="NDSTray.exe" [BU]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-13 30192]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

c:\users\Louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3a,4d,1e,72,53,10,cb,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-13 30192]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2007-10-30 937984]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-19 9216]
S1 aswSP;aswSP; [x]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2007-09-01 20352]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 02:46]

2010-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 02:46]

2010-06-22 c:\windows\Tasks\User_Feed_Synchronization-{191C15FE-9150-4DC0-B801-DC69CF87F35E}.job
- c:\windows\system32\msfeedssync.exe [2010-06-08 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\i8aclo2b.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - iMesh Web Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Louis\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\Louis\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\Louis\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-22 15:33
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-06-22 15:37:41
ComboFix-quarantined-files.txt 2010-06-22 20:37
ComboFix2.txt 2010-06-22 20:19
ComboFix3.txt 2010-06-22 18:09

Pre-Run: 108,242,804,736 bytes free
Post-Run: 108,215,083,008 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 88CD1E0DAD8E8B0BC9E6F981CA630ED3


Re: redirecting on Google

Post by wallawalla3 on 22nd June 2010, 8:43 pm

I uninstalled AVG a little while ago but Avast is still up and running. This is the log I got.


Re: redirecting on Google

Post by Crush on 22nd June 2010, 8:53 pm

Hi wallawalla,

That did not work correctly. Please ensure you save the notepad file as CFScript.txt directly onto the Desktop and follow the instructions.


Re: redirecting on Google

Post by wallawalla3 on 22nd June 2010, 9:03 pm

How do I save it on the desktop? I mean, I put the notepad file and the combo.exe thing as icons on the desktop and I put the notepad file into the combofix thing. It started running combofix again. When it was done, I opened C:\ComboFix.txt and there was the log that I copied.


Re: redirecting on Google

Post by Crush on 22nd June 2010, 9:14 pm

According to the log you either saved it wrong, or copied the file from a different location.

It needs to be saved to the desktop and run from there. I'm heading out and will be back on later tonight.


Re: redirecting on Google

Post by wallawalla3 on 23rd June 2010, 8:12 pm

ComboFix 10-06-23.01 - Louis 06/23/2010 13:40:15.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.527 [GMT -5:00]
Running from: c:\users\Louis\Desktop\commy.exe
Command switches used :: c:\users\Louis\Desktop\CFscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASWFSBLK
-------\Legacy_ASWSP
-------\Service_aswFsBlk
-------\Service_aswSP


((((((((((((((((((((((((( Files Created from 2010-05-23 to 2010-06-23 )))))))))))))))))))))))))))))))
.

2010-06-23 18:48 . 2010-06-23 18:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-23 18:48 . 2010-06-23 18:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-22 18:09 . 2010-06-23 18:51 -------- d-----w- c:\users\Louis\AppData\Local\temp
2010-06-20 08:25 . 2010-06-20 08:26 -------- d-----w- c:\windows\system32\ca-ES
2010-06-20 08:25 . 2010-06-20 08:25 -------- d-----w- c:\windows\system32\eu-ES
2010-06-20 08:25 . 2010-06-20 08:25 -------- d-----w- c:\windows\system32\vi-VN
2010-06-20 06:56 . 2010-06-20 06:56 -------- d-----w- c:\windows\system32\EventProviders
2010-06-18 17:24 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-18 17:24 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-18 17:24 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-18 17:24 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-18 17:24 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-18 17:23 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-18 17:23 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-18 17:23 . 2010-06-18 17:23 -------- d-----w- c:\programdata\Alwil Software
2010-06-18 17:23 . 2010-06-18 17:23 -------- d-----w- c:\program files\Alwil Software
2010-06-15 21:06 . 2010-06-17 18:13 -------- d-----w- c:\programdata\Update
2010-06-15 03:18 . 2010-06-15 03:18 -------- d-----w- c:\programdata\C__Program Files_WebcamMax_WebcamMax.exe
2010-06-15 03:18 . 2010-06-15 03:18 -------- d-----w- c:\users\Louis\AppData\Roaming\C__Program Files_WebcamMax_WebcamMax.exe
2010-06-15 03:10 . 2010-06-15 03:10 -------- d-----w- c:\users\Louis\AppData\Roaming\WebcamMax
2010-06-12 01:53 . 2010-06-12 01:53 -------- d-----w- c:\users\Louis\AppData\Roaming\Facebook
2010-06-08 23:11 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-08 23:11 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-08 23:11 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-08 23:01 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-05-26 07:39 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 18:51 . 2009-12-23 15:53 -------- d-----w- c:\program files\Common Files\Akamai
2010-06-20 08:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-06-20 08:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-20 08:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-06-20 08:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-06-20 08:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-06-20 08:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-06-20 08:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-06-19 08:08 . 2009-03-19 04:12 -------- d-----w- c:\programdata\Norton
2010-06-18 18:13 . 2008-02-24 01:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-18 18:11 . 2009-07-16 21:12 -------- d-----w- c:\program files\Apple Software Update
2010-06-18 17:26 . 2008-02-24 00:48 -------- d-----w- c:\program files\Google
2010-06-18 16:09 . 2010-01-01 05:33 -------- d-----w- c:\users\Louis\AppData\Roaming\AVS4YOU
2010-06-18 15:59 . 2010-02-06 19:19 -------- d-----w- c:\programdata\avg9
2010-06-17 17:03 . 2010-02-06 21:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 08:42 . 2010-04-17 23:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-09 08:22 . 2008-05-14 07:39 -------- d-----w- c:\programdata\Microsoft Help
2010-05-25 13:20 . 2008-09-11 23:07 7268 ----a-w- c:\users\Louis\AppData\Local\d3d9caps.dat
2010-05-04 05:59 . 2010-06-08 23:10 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-08 23:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-08 23:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-08 23:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-29 20:39 . 2010-02-06 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-02-06 21:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-13 03:21 . 2008-10-07 01:53 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-06-13 14:20 . 2008-06-13 14:20 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2008-06-13 14:20 . 2008-06-13 14:20 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w- c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 22:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-10 4702208]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"NDSTray.exe"="NDSTray.exe" [BU]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-13 30192]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\users\Louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3a,4d,1e,72,53,10,cb,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-13 30192]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2007-10-30 937984]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-19 9216]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2007-09-01 20352]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 02:46]

2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 02:46]

2010-06-23 c:\windows\Tasks\User_Feed_Synchronization-{191C15FE-9150-4DC0-B801-DC69CF87F35E}.job
- c:\windows\system32\msfeedssync.exe [2010-06-08 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\i8aclo2b.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Louis\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\Louis\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\Louis\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\HP Software Update\HPWUCli.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2010-06-23 14:04:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-23 19:04
ComboFix2.txt 2010-06-22 20:37
ComboFix3.txt 2010-06-22 20:19
ComboFix4.txt 2010-06-22 18:09

Pre-Run: 108,136,980,480 bytes free
Post-Run: 107,755,638,784 bytes free

- - End Of File - - E23B9A04ACFF241E7E8CA6FFA23B0A21


Re: redirecting on Google

Post by Crush on 23rd June 2010, 8:14 pm

That's done it. How are things running now?


Re: redirecting on Google

Post by wallawalla3 on 23rd June 2010, 11:33 pm

Great! Thanks for your help! Do you think I should keep ComboFix on my computer just in case this kind of thing happens again?


Re: redirecting on Google

Post by Crush on 24th June 2010, 3:50 am

Hi wallawalla,

Absolutely NOT.

ComboFix should not be run without the guidance of a helper!

It is a powerful tool and is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private or regular use.

See ComboFix's [You must be registered and logged in to see this link.]

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please refer to this thread for more information on why you shouldn't use ComboFix without supervision of a trained expert: [You must be registered and logged in to see this link.]
==========

Congratulations!! Your PC is all clean!

To uninstall ComboFix

* Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
* In the field, type in ComboFix /uninstall
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
* Then, press Enter, or click OK.
* This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

There are many things you can do to keep this from happening again. You can think of a computer like a car. It requires basic maintenance to keep in tip top shape and ready to go. Would you drive your car 100,000 miles without changing the oil? The same principle applies here.

Cleaning

Now that your PC is free of malware, it is important to clean up your PC. There are several good free cleaners available. You should make sure to clean up your temp files regularly, at least once a week.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

Defragmenting Your Hard Disk

Over time your PC can become fragmented. Windows comes with a defragmenting utility; however, it is very slow, and there are other options available.

To use the defragmenter included with Windows either go to Start/Run and type dfrg.msc, hit enter; or
right-click My Computer, choose Manage, Storage, Disk Defragmenter.

In the Defragmenter utility, select your main partition/HD, generally C:\, and select Analyze. The analysis report will tell you whether or not your disk needs to be defragmented; if it does, click Defragment. Be patient, this can take a long time.

Repeat for multiple partitions/hard disks.

System Restore Cleanup Instructions

If you are using Windows ME or XP, then it is good to disable and re-enable System Restore to make sure there are no infected files left in a restore point. (All restore points will be deleted that way.)
You can find instructions on how to disable and re-enable system restore here:

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Reading Tip:
[You must be registered and logged in to see this link.]

Keep Your System Updated

Microsoft releases patches for Windows and Office products regularly to close loopholes and fix any bugs found in them. Please ensure that you visit the following websites regularly, or otherwise update your system regularly.

Install the updates immediately, if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows and office

Go to Start > All Programs > Microsoft Update

Alternatively, you can visit the link below to update Windows and Office products.

[You must be registered and logged in to see this link.]

If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

1. Go to Start > Control Panel > Automatic Updates
2. Select the Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
3. Select the Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but installed at another time.
4. Select the Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.

1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
2. Never open emails from unknown senders.
3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These are called hoaxes. The email addresses used in the hoaxes can be easily spoofed. Check the antivirus vendor websites to be sure.
4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Surf safely

Many security exploits on websites are directed to users of Internet Explorer and Firefox.

If you use Firefox, try the [You must be registered and logged in to see this link.] - which, by default, disables all scripts on all websites. If you trust the website, you can manually allow scripts to work.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this [You must be registered and logged in to see this link.] to learn how to backup. Follow [You must be registered and logged in to see this link.] by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. Examples of these can be found at
[You must be registered and logged in to see this link.]

Avoid P2P

I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

Prevent A Re-infection

1. Winpatrol

Winpatrol is a heuristic protection program, meaning it looks for patterns in code that behave like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without your knowledge. You can read more about Winpatrol's features [You must be registered and logged in to see this link.].

You can get a [You must be registered and logged in to see this link.] of Winpatrol or use the [You must be registered and logged in to see this link.] for more features.

You can read [You must be registered and logged in to see this link.] if you run into problems.

2. Hosts File

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

A replacement Hosts file will overwrite your current Hosts file with one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by redirecting these bad sites to 127.0.0.1.

Here are some Hosts files:
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

3. Spybot Search and Destroy

Spybot Search & Destroy is another program for scanning spyware and adware. You are strongly encouraged to run a scan at least once per week.

Spybot Search & Destroy can be downloaded from [You must be registered and logged in to see this link.].

If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy [You must be registered and logged in to see this link.] at Bleeping Computer.

4. SiteHound Toolbar

[You must be registered and logged in to see this link.] is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spyware or other questionable content. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.

====

Stand Up and Be Counted ---> [You must be registered and logged in to see this link.] <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
============================================================
See [You must be registered and logged in to see this link.] for more info about malware and prevention.
Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site.
Before the thread is archived, do you have any more questions?

Happy surfing and stay clean!

Crush
Master
Master

Posts Posts : 3889
Joined Joined : 2010-01-27
Gender Gender : Male
Points Points : 42138
# Likes # Likes : 0
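
The post above describes the Hosts file as a phone book that a blocklist file uses to send bad sites to 127.0.0.1. The same mechanism works in reverse: a Hosts file that maps a well-known domain to an outside address is one classic way a search engine ends up "redirected". The script below is an added example, not part of Crush's post and not a GeekPolice or Winpatrol tool. It parses Hosts-file text the way Windows does (comments, tabs, several names per line, malformed lines ignored) and separates legitimate blocklist entries (name mapped to a loopback or 0.0.0.0 sink) from suspicious hijacks (a protected name mapped anywhere else). The Windows path, the PROTECTED_SUFFIXES watch list and the sample file contents are assumptions constructed for this example; 203.0.113.45 is a documentation address, not a real attacker host.

```python
from __future__ import annotations

import ipaddress
from collections import Counter
from dataclasses import dataclass

# Location of the Hosts file on Windows XP/Vista/7 (assumed for this example).
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Targets a blocklist Hosts file uses as a sink: a name mapped here goes nowhere.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Hypothetical watch list: domains that a Hosts file should never override.
# Any entry pointing one of these (or a subdomain) at a non-sink address is a hijack.
PROTECTED_SUFFIXES = ("google.com", "bing.com", "yahoo.com", "microsoft.com", "windowsupdate.com")


@dataclass(frozen=True)
class HostsEntry:
    line_no: int
    address: str
    hostname: str
    verdict: str  # "localhost", "sink", "hijack" or "custom"


def classify(address: str, hostname: str) -> str:
    """Label one address/hostname pair."""
    if hostname in ("localhost", "localhost.localdomain") and address in SINK_ADDRESSES:
        return "localhost"          # the default Windows entries
    if address in SINK_ADDRESSES:
        return "sink"               # blocklist style: ad/spyware site sent to loopback
    if any(hostname == s or hostname.endswith("." + s) for s in PROTECTED_SUFFIXES):
        return "hijack"             # a protected domain sent somewhere else
    return "custom"                 # user-defined mapping, not judged here


def parse_hosts(text: str) -> list[HostsEntry]:
    """Parse Hosts-file text: '#' starts a comment, whitespace separates fields,
    one address may be followed by several hostnames, bad lines are skipped."""
    entries: list[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # address with no hostname: Windows ignores it as well
        try:
            address = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # first field is not an IP address, so not an entry
        for host in parts[1:]:
            host = host.lower()
            entries.append(HostsEntry(line_no, address, host, classify(address, host)))
    return entries


def find_hijacks(text: str) -> list[HostsEntry]:
    """Return only the entries that redirect a protected domain away from a sink."""
    return [e for e in parse_hosts(text) if e.verdict == "hijack"]


def summarize(text: str) -> dict[str, int]:
    """Count entries per verdict, e.g. {'sink': 2, 'hijack': 5, ...}."""
    return dict(Counter(e.verdict for e in parse_hosts(text)))


def audit_file(path: str = WINDOWS_HOSTS_PATH) -> list[HostsEntry]:
    """Audit a real Hosts file on disk (run as Administrator on Windows)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_hijacks(fh.read())


# Constructed sample: default entries, two blocklist entries, a hijack block, junk.
SAMPLE_HOSTS = """\
# constructed sample Hosts file for this example
127.0.0.1       localhost
::1             localhost
# blocklist entries, as a downloaded Hosts file would add them
127.0.0.1\tad.doubleclick.net
0.0.0.0    spyware.example   # trailing comment
# entries a redirector would add (203.0.113.45 is a documentation address)
203.0.113.45   www.google.com google.com
203.0.113.45   www.bing.com
203.0.113.45   update.microsoft.com windowsupdate.microsoft.com
203.0.113.45   my-own-server.example
not an entry
"""

if __name__ == "__main__":
    for entry in find_hijacks(SAMPLE_HOSTS):
        print(f"line {entry.line_no}: {entry.hostname} -> {entry.address}  HIJACK")
    print(summarize(SAMPLE_HOSTS))
```

On the sample text the script reports five hijack entries (the Google, Bing and Microsoft names pointed at 203.0.113.45) and leaves the two loopback blocklist entries and the custom server mapping alone. To check a live machine, call audit_file() with no argument from an elevated prompt; the same hijack pattern in the real file is exactly what a "redirecting on Google" complaint would look like when the Hosts file is the cause.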
