go.google

Re: go.google

Post by chancelor10490 on 24th March 2009, 8:47 pm

Sorry I haven't been able to reply, but the other computer that I wanted to clean I threw out the window because it wouldn't let me download the hack or avenger program and it was destroying the whole computer more and more on every startup. I salvaged what I could from the computer and tossed it. But now I just got a new laptop to replace that one and I think it has the google virus also, because when I click a link on a Google results page it never sends me to the desired link. It sends me to some other random website like the computer we just fixed did. So can you help me once again, please?

chancelor10490
Novice

Posts : 22
Joined : 2009-01-16
Gender : Male
OS : Vista Home Premium 32 bit
Points : 28854
# Likes : 0


Re: go.google

Post by Belahzur on 24th March 2009, 8:50 pm

Hello.
I have split your post out into a new topic because the other topic was old.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1


Re: go.google

Post by chancelor10490 on 24th March 2009, 8:56 pm

here is the hijackthis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:29 PM, on 3/24/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\MSN\Toolbar\3.0.0541.0\msntask.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{15AE1AD3-5886-4BD3-B774-E8E727DE0854}: NameServer = 85.255.112.68,85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2992278-E8F7-4420-9B7B-5F983A4EE94E}: NameServer = 85.255.112.68,85.255.112.66
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.68,85.255.112.66
O17 - HKLM\System\CS1\Services\Tcpip\..\{15AE1AD3-5886-4BD3-B774-E8E727DE0854}: NameServer = 85.255.112.68,85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.68,85.255.112.66
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\Object Desktop\WindowBlinds\vistasrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11109 bytes


Re: go.google

Post by Belahzur on 24th March 2009, 9:01 pm

Hello. I don't think it's the go.google malware. I can see from the log it's a DNS hijack.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O17 - HKLM\System\CCS\Services\Tcpip\..\{15AE1AD3-5886-4BD3-B774-E8E727DE0854}: NameServer = 85.255.112.68,85.255.112.66
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C2992278-E8F7-4420-9B7B-5F983A4EE94E}: NameServer = 85.255.112.68,85.255.112.66
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.68,85.255.112.66
    O17 - HKLM\System\CS1\Services\Tcpip\..\{15AE1AD3-5886-4BD3-B774-E8E727DE0854}: NameServer = 85.255.112.68,85.255.112.66
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.68,85.255.112.66


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


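The check made by eye on the O17 lines above can be automated. The following is an added example, not part of the original thread and not HijackThis code: it parses O17 entries, ignores private and loopback resolvers, and reports every public DNS server together with the control sets and interfaces it was written to. The function names, the `expected` allowlist parameter and the two lines marked as constructed are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# O17 lines exactly as posted in the HijackThis log in this thread.
THREAD_LINES = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{15AE1AD3-5886-4BD3-B774-E8E727DE0854}: NameServer = 85.255.112.68,85.255.112.66",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{C2992278-E8F7-4420-9B7B-5F983A4EE94E}: NameServer = 85.255.112.68,85.255.112.66",
    r"O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.68,85.255.112.66",
    r"O17 - HKLM\System\CS1\Services\Tcpip\..\{15AE1AD3-5886-4BD3-B774-E8E727DE0854}: NameServer = 85.255.112.68,85.255.112.66",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.68,85.255.112.66",
]
# Constructed lines (not from the thread): a router address and a non-DNS value.
CONSTRUCTED_LINES = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.lan",
]
SAMPLE_LOG = "\n".join(["O13 - Gopher Prefix:"] + THREAD_LINES + CONSTRUCTED_LINES)

O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<data>.*)$")
# HijackThis abbreviates the control set names in O17 keys.
CONTROL_SETS = {"CCS": "CurrentControlSet", "CS1": "ControlSet001"}
DNS_VALUES = {"NameServer", "DhcpNameServer"}


def parse_o17(log_text):
    """Yield one dict per O17 line that sets a DNS server list."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or m.group("name") not in DNS_VALUES:
            continue
        parts = m.group("key").split("\\")
        cs = parts[2] if len(parts) > 2 else "?"
        # "..\{GUID}" is a per-interface key; "Parameters" is the global one.
        scope = "global" if parts[-1] == "Parameters" else parts[-1]
        servers = [s for s in re.split(r"[,\s]+", m.group("data").strip()) if s]
        yield {
            "control_set": CONTROL_SETS.get(cs, cs),
            "scope": scope,
            "value": m.group("name"),
            "servers": servers,
        }


def classify(server, expected):
    """Return 'expected', 'local', 'unexpected' or 'malformed' for one entry."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "malformed"
    if server in expected:
        return "expected"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"
    return "unexpected"


def audit(log_text, expected=frozenset()):
    """Map each suspicious server to the (control set, scope) pairs that use it."""
    findings = defaultdict(list)
    for entry in parse_o17(log_text):
        for server in entry["servers"]:
            if classify(server, expected) in ("unexpected", "malformed"):
                findings[server].append((entry["control_set"], entry["scope"]))
    return dict(findings)


def spread(findings):
    """Summarise how widely each suspicious server was written."""
    summary = {}
    for server, places in findings.items():
        summary[server] = {
            "control_sets": sorted({cs for cs, _ in places}),
            "global": any(scope == "global" for _, scope in places),
            "interfaces": len({s for _, s in places if s != "global"}),
        }
    return summary


if __name__ == "__main__":
    for server, info in spread(audit(SAMPLE_LOG)).items():
        print(server, info)
```

Pass the resolvers your ISP or router is known to hand out as `expected` so that legitimate public DNS servers are not reported.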

Re: go.google

Post by chancelor10490 on 24th March 2009, 9:15 pm

here is the mbam log


Malwarebytes' Anti-Malware 1.34
Database version: 1772
Windows 6.0.6001 Service Pack 1

3/24/2009 4:09:42 PM
mbam-log-2009-03-24 (16-09-42).txt

Scan type: Quick Scan
Objects scanned: 55942
Time elapsed: 3 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{15ae1ad3-5886-4bd3-b774-e8e727de0854}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.68,85.255.112.66 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{15ae1ad3-5886-4bd3-b774-e8e727de0854}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.68,85.255.112.66 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.68,85.255.112.66 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{15ae1ad3-5886-4bd3-b774-e8e727de0854}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.68,85.255.112.66 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{15ae1ad3-5886-4bd3-b774-e8e727de0854}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.68,85.255.112.66 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{c2992278-e8f7-4420-9b7b-5f983a4ee94e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.68,85.255.112.66 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-9-1-50-100012029-100002325-100011974-4252.com (Trojan.Agent) -> Quarantined and deleted successfully.


Re: go.google

Post by Belahzur on 24th March 2009, 9:17 pm

Hello
The MBAM database is old.

Database version: 1772

Would the update not run?



Re: go.google

Post by chancelor10490 on 24th March 2009, 9:19 pm

Sorry, I already had MBAM installed on my computer from a while ago. I forgot to update. I'll do it again.


Re: go.google

Post by chancelor10490 on 24th March 2009, 9:23 pm

here is the updated version


Malwarebytes' Anti-Malware 1.34
Database version: 1893
Windows 6.0.6001 Service Pack 1

3/24/2009 4:22:40 PM
mbam-log-2009-03-24 (16-22-40).txt

Scan type: Quick Scan
Objects scanned: 59573
Time elapsed: 2 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\chancelor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDExtrem (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDExtrem (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDExtrem\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\chancelor\AppData\Local\Temp\HDExtrem.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Re: go.google

Post by Belahzur on 24th March 2009, 9:24 pm

Thanks.
Let's go deeper to make sure we got it all.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.



Re: go.google

Post by chancelor10490 on 24th March 2009, 9:37 pm

It says my post is too big.

Do you want me to send half of the DDS text, then send the other half?


Re: go.google

Post by Belahzur on 24th March 2009, 9:39 pm

Yep, use more than one post.



Re: go.google

Post by chancelor10490 on 24th March 2009, 9:40 pm

DDS (Ver_09-03-16.01) - NTFSx86
Run by chancelor at 16:33:03.92 on Tue 03/24/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1680 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\vistasrv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\MSN\Toolbar\3.0.0541.0\msntask.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\chancelor\Desktop\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.0.0.134\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.0.0.134\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.0.0.134\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\chance~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.0.0.134\CoIEPlg.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\mcpcore.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\stardock\object desktop\iconpackager\iprepair.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll


Re: go.google

Post by chancelor10490 on 24th March 2009, 9:41 pm

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0300000.086\SymEFA.sys [2009-3-15 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0300000.086\BHDrvx86.sys [2009-3-15 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0300000.086\cchpx86.sys [2009-3-15 482352]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090318.001\IDSvix86.sys [2009-3-24 292912]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.0.0.134\ccSvcHst.exe [2009-3-15 115560]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-15 101936]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0300000.086\symndisv.sys [2009-3-15 39984]

=============== Created Last 30 ================

2009-03-24 15:55 --d----- c:\program files\Trend Micro
2009-03-24 01:31 1,149,440 a------- c:\windows\system32\themecpl.dll
2009-03-24 01:13 122,880 a------- c:\windows\system32\DreamScene.dll
2009-03-23 19:18 --d----- C:\Stardock
2009-03-23 18:21 16,959,488 a------- c:\windows\system32\imageres.dll
2009-03-23 17:34 -cd-h--- c:\programdata\{649987C4-98EC-44BC-BC4A-8076AFDA0B27}
2009-03-23 17:34 -cd-h--- c:\progra~2\{649987C4-98EC-44BC-BC4A-8076AFDA0B27}
2009-03-23 17:19 --d-h--- c:\programdata\{6A9AE48B-C5B4-4CB4-B4DF-32B5020D62CE}
2009-03-23 17:19 --d-h--- c:\progra~2\{6A9AE48B-C5B4-4CB4-B4DF-32B5020D62CE}
2009-03-23 17:16 --d----- c:\program files\common files\Stardock
2009-03-23 17:16 550,600 a------- c:\windows\system32\wbocx32.ocx
2009-03-23 14:39 1,149,440 a------- c:\windows\system32\themecpl.dll.original
2009-03-23 12:38 --d----- c:\program files\Norton Support
2009-03-23 00:32 --d----- c:\program files\VS Revo Group
2009-03-22 23:57 --d-h--- c:\programdata\~0
2009-03-22 23:57 --d-h--- c:\progra~2\~0
2009-03-22 21:27 --d----- c:\users\chance~1\appdata\roaming\Stardock
2009-03-22 21:27 -cd-h--- c:\programdata\{2C0895CF-C7CF-4FF0-B3B8-C0518C9E3418}
2009-03-22 21:27 -cd-h--- c:\progra~2\{2C0895CF-C7CF-4FF0-B3B8-C0518C9E3418}
2009-03-22 21:24 567,040 a------- c:\windows\system32\wbocx.ocx
2009-03-22 21:24 56,496 a------- c:\windows\system32\wbhelp2.dll
2009-03-17 14:13 --d----- c:\program files\common files\PX Storage Engine
2009-03-17 14:12 --d----- c:\program files\DivX
2009-03-17 14:12 --d----- c:\program files\common files\DivX Shared
2009-03-15 21:49 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-03-15 21:49 23,848 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-15 21:49 --d----- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-03-15 21:49 --d----- c:\progra~2\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-03-15 21:48 25,136 a----r-- c:\windows\system32\drivers\SymIMV.sys
2009-03-15 21:48 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-15 21:48 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-15 21:48 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-03-15 21:48 --d----- c:\program files\Symantec
2009-03-15 21:48 --d----- c:\program files\common files\Symantec Shared
2009-03-15 21:47 --d----- c:\windows\system32\drivers\N360
2009-03-15 21:47 --d----- c:\program files\Norton 360
2009-03-15 21:44 --d----- c:\programdata\PCSettings
2009-03-15 21:44 --d----- c:\progra~2\PCSettings
2009-03-11 15:17 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-11 15:17 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-11 15:17 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-11 15:17 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-11 13:12 268,288 a------- c:\windows\system32\schannel.dll
2009-03-11 13:11 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-11 09:58 --d----- c:\program files\iPod
2009-03-11 09:58 --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-11 09:58 --d----- c:\program files\iTunes
2009-03-11 09:58 --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-10 17:19 35,960 a------- c:\windows\scunin.dat
2009-03-10 17:19 94,208 a------- c:\windows\ScUnin.exe
2009-03-10 17:19 967 a------- c:\windows\ScUnin.pif
2009-03-10 17:19 --d----- c:\program files\Starcraft
2009-03-09 14:08 --d----- c:\programdata\Apple Computer
2009-03-09 14:06 --d----- c:\programdata\Apple
2009-03-08 22:25 --d----- c:\programdata\DVD Shrink
2009-03-08 22:25 --d----- c:\program files\DVD Shrink
2009-03-03 18:55 --d----- c:\users\chancelor\.tuxguitar-1.0
2009-03-03 18:53 --d----- c:\program files\tuxguitar-1.0
2009-03-01 19:02 --d----- c:\users\chance~1\appdata\roaming\AVS4YOU
2009-03-01 19:02 --d----- c:\programdata\AVS4YOU
2009-03-01 19:02 --d----- c:\progra~2\AVS4YOU
2009-03-01 19:01 --d----- c:\program files\common files\AVSMedia
2009-03-01 19:01 1,700,352 a------- c:\windows\system32\GdiPlus.dll
2009-03-01 19:01 974,848 a------- c:\windows\system32\mfc70.dll
2009-03-01 19:01 487,424 a------- c:\windows\system32\msvcp70.dll
2009-03-01 19:01 344,064 a------- c:\windows\system32\msvcr70.dll
2009-03-01 19:01 24,576 a------- c:\windows\system32\msxml3a.dll
2009-03-01 19:01 --d----- c:\program files\AVS4YOU
2009-02-27 15:33 --d----- c:\users\chance~1\appdata\roaming\LimeWire
2009-02-27 15:33 --d----- c:\program files\LimeWire
2009-02-26 22:17 --d----- c:\users\chance~1\appdata\roaming\MSNInstaller

==================== Find3M ====================

2009-03-23 16:45 28,219 a------- c:\programdata\nvModes.dat
2009-03-23 16:45 28,219 a------- c:\progra~2\nvModes.dat
2009-03-23 14:27 51,200 a------- c:\windows\inf\infpub.dat
2009-03-23 14:27 86,016 a------- c:\windows\inf\infstrng.dat
2009-03-23 14:26 86,016 a------- c:\windows\inf\infstor.dat
2009-02-22 14:33 716,272 a------- c:\windows\system32\drivers\sptd.sys
2009-02-17 18:15 0 a--shr-- c:\windows\system32\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE8503Q1D_E508241-001_4A_I303C_SWistron_V08.47_F.32_T081120_WV3-1_L409_M2814_J250_7AMD_8F31_92.00_#081219_N168C001C;10DE0760_(NB265UA#ABA)_XMOBILE_CN10_Z_2F.32_G10DE0845.MRK
2009-02-11 11:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 11:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-26 20:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-01-26 20:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-01-26 20:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-01-26 20:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-01-26 20:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-01-26 20:34 684,032 a------- c:\windows\system32\DivX.dll
2009-01-15 01:11 827,392 a------- c:\windows\system32\wininet.dll
2008-10-23 00:54 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 21:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 16:33:24.52 ===============


Re: go.google

Post by Belahzur on 24th March 2009, 9:45 pm

Hello.
You have or had Limewire installed. If it's still installed, please follow my instructions to remove it.

P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.
Should you choose to remove them, but you are having trouble doing so, please let me know in your next post here and I will aid you.

If you choose to follow my recommendation then follow these instructions.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight Limewire
  • Click on the Uninstall/Change button at the top.


Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\users\chance~1\appdata\roaming\LimeWire
    c:\program files\LimeWire


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Re: go.google

Post by chancelor10490 on 24th March 2009, 9:49 pm

I really like my LimeWire and I bought LimeWire Pro. Is this just an optional removal process?


Re: go.google

Post by chancelor10490 on 24th March 2009, 9:50 pm

When it says sharing in the P2P, I always unshare because I don't like it and I think about the malware.


Re: go.google

Post by Belahzur on 24th March 2009, 9:52 pm

Okay, but the chances you will get infected again are very high, because not only is file sharing ILLEGAL, but there is a lot of malware on P2P these days; pretty much 95% of everything on Limewire will be infected.

If it is not removed, I reserve the right to help again if you get infected again, because it's a waste of time to remove it once only to get infected again.



Re: go.google

Post by chancelor10490 on 24th March 2009, 9:53 pm

OK then, I'll remove LimeWire. Thank you.


Re: go.google

Post by Belahzur on 24th March 2009, 9:56 pm

Then once it's removed, please run my OTMoveIt script to remove the Limewire folders.



Re: go.google

Post by chancelor10490 on 24th March 2009, 9:58 pm

========== FILES ==========
c:\users\chance~1\appdata\roaming\LimeWire\xml\data moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\xml moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\themes\windows_theme moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\themes moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\promotion moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\mozilla-profile\updates\0 moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\mozilla-profile\updates moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\mozilla-profile\extensions moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\mozilla-profile\Cache moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\mozilla-profile moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\certificate moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\browser\xulrunner\res\html moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\browser\xulrunner\res\fonts moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\browser\xulrunner\res\entityTables moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\browser\xulrunner\res\dtd moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\browser\xulrunner\res moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\browser\xulrunner\plugins moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\browser\xulrunner\modules moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\browser\xulrunner\greprefs moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\browser\xulrunner\dictionaries moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\browser\xulrunner\defaults\profile\US moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\browser\xulrunner\defaults\profile\chrome moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\browser\xulrunner\defaults\profile moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\browser\xulrunner\defaults\pref moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\browser\xulrunner\defaults\autoconfig moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\browser\xulrunner\defaults moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\browser\xulrunner\components moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\browser\xulrunner\chrome moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\browser\xulrunner moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\browser moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\.AppSpecialShare moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire moved successfully.
File/Folder c:\program files\LimeWire not found.

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03242009_165543

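An added example, not part of the thread and not OTMoveIt3's own code: one way to reconcile a `:files` script against the results log, so a helper can tell a folder that was moved from one that was already absent or never mentioned. The function names are hypothetical, and the parser assumes only the two result-line shapes visible in the log above.

```python
import re

# Line shapes seen in the OTMoveIt3 log posted above; any other line is
# returned as "unrecognized" rather than guessed at.
MOVED_RE = re.compile(r"^(?P<path>.+) moved successfully\.$")
NOT_FOUND_RE = re.compile(r"^File/Folder (?P<path>.+) not found\.$")

# The script from the thread.
SCRIPT = r"""
:files
c:\users\chance~1\appdata\roaming\LimeWire
c:\program files\LimeWire
"""

# Abridged from the log in the thread (most subfolder lines omitted).
LOG = r"""
========== FILES ==========
c:\users\chance~1\appdata\roaming\LimeWire\xml\data moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\xml moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire\browser moved successfully.
c:\users\chance~1\appdata\roaming\LimeWire moved successfully.
File/Folder c:\program files\LimeWire not found.

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03242009_165543
"""


def norm(path):
    """Normalize a Windows path for comparison: trimmed, lower-case, no trailing backslash."""
    return path.strip().rstrip("\\").lower()


def parse_script(script):
    """Return the normalized paths listed under the :files directive."""
    targets, in_files = [], False
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):
            in_files = line.lower() == ":files"
        elif in_files:
            targets.append(norm(line))
    return targets


def parse_log(log):
    """Map each logged path to 'moved' or 'not_found'; collect unrecognized lines."""
    status, unknown = {}, []
    for line in log.splitlines():
        line = line.strip()
        # Skip blanks, the section banner and the version footer.
        if not line or line.startswith("=") or line.startswith("OTMoveIt3 by"):
            continue
        moved, missing = MOVED_RE.match(line), NOT_FOUND_RE.match(line)
        if missing:
            status[norm(missing.group("path"))] = "not_found"
        elif moved:
            status[norm(moved.group("path"))] = "moved"
        else:
            unknown.append(line)
    return status, unknown


def reconcile(script, log):
    """Return (per-target result, paths logged outside every target, unrecognized lines)."""
    targets = parse_script(script)
    status, unknown = parse_log(log)
    result = {}
    for t in targets:
        if t in status:
            result[t] = status[t]  # the requested folder itself was reported
        elif any(p.startswith(t + "\\") and s == "moved" for p, s in status.items()):
            result[t] = "partial"  # children moved, root never confirmed
        else:
            result[t] = "unaccounted"  # the log says nothing about it
    stray = sorted(p for p in status
                   if not any(p == t or p.startswith(t + "\\") for t in targets))
    return result, stray, unknown


if __name__ == "__main__":
    result, stray, unknown = reconcile(SCRIPT, LOG)
    for path, state in result.items():
        print(f"{state:12} {path}")
    print("outside script:", stray, "| unrecognized:", unknown)
```

A `not_found` result is consistent with the program folder already having been removed by the uninstaller before the script ran; `partial`, `unaccounted` or any path outside the script is what deserves a second look.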

Re: go.google

Post by Belahzur on 24th March 2009, 9:59 pm

Thank you.
Please delete this folder in bold:
C:\_OTMoveIt

How is the machine running now?



Re: go.google

Post by chancelor10490 on 24th March 2009, 10:08 pm

Normal Google links are working like normal now, but when I click one of the sponsored links it redirects me to results.googleadservices.com instead of the actual link.

For example, I typed in "custom pc" at google.com, and in the sponsored links area it said alienware.com, and I know this is a good site because I go there all the time to look around, but it redirects me instead when I click it, sometimes to other websites.


Re: go.google

Post by Belahzur on 24th March 2009, 11:15 pm

I wonder if it's this. Does it look a little something like this?

[You must be registered and logged in to see this link.]



Re: go.google

Post by chancelor10490 on 24th March 2009, 11:58 pm

idk what it was but it is fixed now. I just deleted my history and files stored by add-ons, and when I click the link it takes me there now. idk what it did.

Thank you very much, and I'll definitely donate to here when I get paid Friday. Thank you very much, this is the second computer you fixed for me.


Re: go.google

Post by Belahzur on 25th March 2009, 12:09 am

Heh. No problem.
I know you've read this before, but read it again and keep both machines safe.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.

