Google links keep redirecting me to other sites

Samsung Nc10-13gb netbook
October 5, 2010 at 09:20:24
Specs: Windows XP
For the last 2 weeks, every time I click a link on Google it redirects me to random sites. I followed some advice from online sites to download Malwarebytes and SUPERAntiSpyware, and although these have improved the problem (it only happens half the time now), it is still not cured. I'm becoming rather annoyed with it now.

Please help.

Lee




#1
October 5, 2010 at 09:50:24
Start by unchecking everything from startup EXCEPT your anti-virus.
Reboot and then try:
1- Trojan Remover
2- Hitman Pro
Run them till they are clean and then uninstall them in all programs... NOT in add/remove, as they are both fully functional 30-day trials.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#2
October 5, 2010 at 10:05:25
Thanks for your help,

I don't understand what you mean by "Start by unchecking everything from startup".

Thanks

Lee



#3
October 5, 2010 at 10:20:07
Ignore my last message, I've done it.

Lee



#4
October 5, 2010 at 11:16:41
I've done as you suggested and it does appear to have cured the problem, though it's only been an hour.

The only problem is that Hitman Pro keeps finding a high risk cloaked malware, and although it says it will be fully removed on reboot, this comes up failed on the re-load and the same malware is found again on the next scan. I've scanned it 5 times and it keeps doing the same. I include the diagnostic report below.

<Log computer="LEENETBOOK" scan="Normal" version="3.5.6.115" date="2010-10-05T19:06:43" reboot="yes" timeSpentInSecs="301" filesProcessed="34807">
  <Item type="Malware" malwareName="Malware" score="104.0" status="PendingDelete">
    <Scanners>
      <Scanner id="G Data" name="Win32:Malware-gen (Engine-B)" />
      <Scanner id="Prevx" name="High Risk Cloaked Malware" />
      <Scanner id="Ikarus" name="Trojan.Win32.Vundo!IK" />
    </Scanners>
    <File path="C:\WINDOWS\system32\dbnetlib3.dll" hash="04082EB6F4C70B1B787A8735C53C59CA5AE40F909AB5359D7A35F76A2CB2C96D" />
  </Item>
</Log>

Any ideas what I should do to get rid of this?

Thanks

Lee



#5
October 5, 2010 at 19:46:30
Try ComboFix, that will probably nip it in the bud:
http://www.bleepingcomputer.com/com...
Follow the guide and you should be fine.


#6
October 10, 2010 at 03:50:03
Sorry for the delay, I was away on business.
ComboFix hasn't removed the malware, it is still found on the Hitman Pro search.

I attach the ComboFix report below. Do I need to do anything else?

Thanks for all your help

Lee

ComboFix 10-10-05.06 - Lee Riddell 06/10/2010 16:53:57.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.637 [GMT 1:00]
Running from: c:\documents and settings\Lee Riddell\Desktop\Combo-fix.exe
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Uninstall
c:\windows\SEC
c:\windows\SEC\DelMt.cmd
c:\windows\SEC\JRE150.exe
c:\windows\SEC\Marker.exe
c:\windows\SEC\MEMIO.sys
c:\windows\SEC\MEMIO.vxd
c:\windows\SEC\MP10ENG.exe
c:\windows\SEC\Region.vbs
c:\windows\SEC\SECINSTALL.EXE
c:\windows\SEC\SECINSTALL.INI
c:\windows\SEC\StartMem.exe
c:\windows\Temp\scsF.tmp

.
((((((((((((((((((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))))))))))))))))))))))))
.

2010-10-06 15:29 . 2010-07-26 18:13 3683248 ----a-w- c:\documents and settings\Lee Riddell\Application Data\Simply Super Software\Trojan Remover\qdkC.exe
2010-10-05 17:35 . 2010-10-06 15:37 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-10-05 17:35 . 2010-10-05 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-10-05 17:35 . 2010-10-05 17:35 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-10-05 17:31 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-10-05 17:31 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-10-05 17:31 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-10-05 17:31 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-10-05 17:31 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-10-05 17:31 . 2010-10-05 17:31 -------- d-----w- c:\program files\Trojan Remover
2010-10-05 17:31 . 2010-10-05 17:31 -------- d-----w- c:\documents and settings\Lee Riddell\Application Data\Simply Super Software
2010-10-05 17:31 . 2010-10-05 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-10-01 09:28 . 2010-10-01 09:28 63488 ----a-w- c:\documents and settings\Lee Riddell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-10-01 09:28 . 2010-10-01 09:28 52224 ----a-w- c:\documents and settings\Lee Riddell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-10-01 09:28 . 2010-10-01 09:28 117760 ----a-w- c:\documents and settings\Lee Riddell\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-10-01 09:26 . 2010-10-01 09:26 -------- d-----w- c:\documents and settings\Lee Riddell\Application Data\SUPERAntiSpyware.com
2010-10-01 09:26 . 2010-10-01 09:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-10-01 09:25 . 2010-10-01 09:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-22 22:29 . 2010-09-22 22:29 -------- d-----w- c:\documents and settings\Lee Riddell\Application Data\Malwarebytes
2010-09-22 22:29 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-22 22:29 . 2010-09-22 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-22 22:29 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-22 22:29 . 2010-09-22 22:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-18 23:21 . 2010-09-18 23:21 155648 --sha-r- c:\windows\system32\dbnetlib3.dll
2010-09-13 14:12 . 2010-09-13 14:12 -------- d-----w- c:\documents and settings\Gemma Riddell\Application Data\Epson
2010-09-07 14:39 . 2010-09-07 14:39 -------- d-----w- c:\documents and settings\Lee Riddell\Application Data\Epson
2010-09-07 14:01 . 2007-09-07 16:33 135168 ----a-w- c:\windows\system32\EEBAPI.dll
2010-09-07 14:01 . 2007-03-28 17:26 65536 ----a-w- c:\windows\system32\EEBUtil.dll
2010-09-07 14:01 . 2006-12-19 17:31 110592 ----a-w- c:\windows\system32\EEBDSCVR.dll
2010-09-07 14:01 . 2006-12-19 17:20 77824 ----a-w- c:\windows\system32\EBAPI.dll
2010-09-07 14:01 . 2003-12-17 00:01 55808 ----a-w- c:\windows\system32\EEBSDKIF.dll
2010-09-07 13:59 . 2007-04-10 01:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2010-09-07 13:59 . 2009-10-01 03:01 63488 ----a-w- c:\windows\system32\E_FD4BGCE.DLL
2010-09-07 13:59 . 2008-11-12 03:00 93696 ----a-w- c:\windows\system32\E_FLBGCE.DLL
2010-09-07 13:59 . 2008-04-13 23:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-09-07 13:59 . 2008-04-13 23:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-09-07 13:57 . 2010-09-07 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL
2010-09-07 13:52 . 2010-09-07 13:55 -------- d-----w- c:\program files\Epson Software
2010-09-07 13:51 . 2010-09-07 13:51 -------- d-----w- c:\documents and settings\Lee Riddell\Local Settings\Application Data\ABBYY
2010-09-07 13:45 . 2010-09-07 13:52 -------- d-----w- c:\program files\ABBYY FineReader 9.0 Sprint
2010-09-07 13:45 . 2010-09-07 13:45 -------- d-----w- c:\program files\Common Files\ABBYY
2010-09-07 13:45 . 2010-09-07 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\ABBYY
2010-09-07 13:44 . 2008-12-01 12:00 457611 ----a-w- c:\windows\system32\ensppui.dll
2010-09-07 13:44 . 2008-12-01 12:00 457611 ----a-w- c:\windows\system32\enppui.dll
2010-09-07 13:44 . 2008-12-01 11:58 474892 ----a-w- c:\windows\system32\ensppmon.dll
2010-09-07 13:44 . 2008-12-01 11:58 474892 ----a-w- c:\windows\system32\enppmon.dll
2010-09-07 13:44 . 2008-06-18 10:49 249344 ----a-w- c:\windows\system32\enspres.dll
2010-09-07 13:44 . 2008-06-18 10:49 249344 ----a-w- c:\windows\system32\enpres.dll
2010-09-07 13:43 . 2010-09-07 14:01 -------- d-----w- c:\program files\Common Files\EPSON
2010-09-07 13:42 . 2010-09-07 13:44 -------- d-----w- c:\program files\EpsonNet
2010-09-07 13:39 . 2010-09-07 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2010-09-07 13:38 . 2009-09-16 23:00 342016 ----a-w- c:\windows\system32\eswiaud.dll
2010-09-07 13:38 . 2009-04-30 23:00 15872 ----a-w- c:\windows\system32\escdev.dll
2010-09-07 13:38 . 2009-04-30 23:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
2010-09-07 13:38 . 2010-09-07 13:53 -------- d-----w- c:\program files\epson

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 15:32 . 2009-06-06 12:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-29 08:10 . 2009-04-18 09:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-17 12:11 . 2009-01-18 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-15 23:17 . 2008-11-11 23:44 -------- d-----w- c:\program files\McAfee
2010-09-07 13:55 . 2008-11-11 23:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-24 13:57 . 2010-07-28 10:39 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-24 13:57 . 2010-07-28 10:39 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-08-24 13:57 . 2010-07-28 10:39 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-24 13:57 . 2010-07-28 10:39 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-08-24 13:57 . 2010-07-28 10:39 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-24 13:57 . 2010-07-28 10:39 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-24 13:57 . 2010-05-31 19:32 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 13:57 . 2008-11-11 23:45 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-24 13:57 . 2008-11-11 23:45 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-24 13:57 . 2008-11-11 23:45 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-17 13:17 . 2008-11-11 22:11 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2008-11-11 22:11 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-16 16:16 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2005-05-26 14:35 . 2009-01-18 20:34 1422 ----a-w- c:\program files\ReadMe.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EZ-DUB Finder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EZ-DUB Finder.lnk
backup=c:\windows\pss\EZ-DUB Finder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 06:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 23:20 57344 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BatteryManager]
2008-10-20 18:32 2768896 ----a-w- c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-14 14:34 148776 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMHotKey]
2006-12-27 23:45 466944 ----a-w- c:\program files\Samsung\Easy Display Manager\DMLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EDS]
2007-12-21 04:40 659456 ----a-w- c:\program files\Samsung\Samsung EDS\EDSAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-12-03 09:12 976320 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus SX420W(Network)]
2009-09-14 07:00 200704 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIGCE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX420W Series]
2009-09-14 07:00 200704 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIGCE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-28 22:00 166424 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-28 22:00 141848 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 12:41 196608 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-04-13 06:07 69632 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 16:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-23 17:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKeyboard]
2006-05-15 03:00 151552 ----a-w- c:\program files\Samsung\MagicKBD\PreMKbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2010-06-24 21:32 1193848 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-09-14 14:50 161064 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-28 22:00 137752 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-08-26 20:51 16851456 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-11-11 23:35 36972 ----a-w- c:\program files\Java\jre1.5.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPBackGround]
2010-04-20 13:26 300912 ----a-w- c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-28 14:04 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-08-28 18:34 1044480 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2010-08-02 13:47 1167808 ----a-w- c:\program files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [28/07/2010 11:39 84072]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [28/07/2010 11:43 54776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14/05/2009 17:07 759048]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [09/10/2009 05:45 169312]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [12/11/2008 00:36 4300]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [28/07/2010 11:38 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [28/07/2010 11:38 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [28/07/2010 11:38 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [28/07/2010 11:39 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [28/07/2010 11:39 141792]
R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [13/04/2010 20:11 229688]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [28/07/2010 11:39 55840]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [15/01/2008 04:01 30208]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [28/07/2010 11:39 312904]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [28/07/2010 11:39 88544]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [12/11/2008 00:40 238464]
S2 SNM WLAN Service;SNM WLAN Service;c:\program files\Samsung\Samsung Network Manager\SNMWLANService.exe [30/10/2006 23:29 36864]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [05/10/2010 18:35 16968]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [28/07/2010 11:39 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [28/07/2010 11:39 84264]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [30/10/2006 23:29 19840]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 17:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-11 10:53]

2010-09-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-11-11 10:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = wwwcache.gla.ac.uk:8080
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1372)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-10-06 17:12:03
ComboFix-quarantined-files.txt 2010-10-06 16:12

Pre-Run: 56,946,454,528 bytes free
Post-Run: 57,292,255,232 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 2311B7821617566EE2F1F47108C479FF
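
A way to cross-check the two reports posted above, as an added example that is not part of the original thread or of either tool: it parses abridged excerpts of the Hitman Pro XML and the ComboFix log, lists the protections ComboFix reports as disabled, and flags any file that Hitman Pro detected but ComboFix did not delete. It assumes that in ComboFix's attribute column `s`, `h` and `d` mean system, hidden and directory, and that the first timestamp on each line is the creation time; the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Abridged excerpts of the two reports posted in this thread.
HITMAN_LOG = r'''<Log computer="LEENETBOOK" scan="Normal">
<Item type="Malware" malwareName="Malware" score="104.0" status="PendingDelete">
<Scanners>
<Scanner id="Prevx" name="High Risk Cloaked Malware" />
<Scanner id="Ikarus" name="Trojan.Win32.Vundo!IK" />
</Scanners>
<File path="C:\WINDOWS\system32\dbnetlib3.dll" />
</Item>
</Log>'''

COMBOFIX_LOG = r'''AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated)
FW: McAfee Firewall *disabled*
((((((((( Other Deletions )))))))))
c:\windows\SEC\MEMIO.sys
c:\windows\Temp\scsF.tmp
((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))
2010-10-05 17:35 . 2010-10-06 15:37 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-10-05 17:31 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-09-18 23:21 . 2010-09-18 23:21 155648 --sha-r- c:\windows\system32\dbnetlib3.dll
2010-09-07 13:38 . 2010-09-07 13:53 -------- d-----w- c:\program files\epson'''

SECTION = re.compile(r'^\(+ (.+?) \)+$')
HEADER = re.compile(r'^(AV|FW): (.+?) \*[^*]*disabled\*')
ENTRY = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) '
                   r'(\S+) ([-a-z]{8}) (.+)$')

def flagged_paths(hitman_xml):
    """Map each file path Hitman Pro flagged to the scanner verdicts for it."""
    out = {}
    for item in ET.fromstring(hitman_xml).iter("Item"):
        names = [s.get("name") for s in item.iter("Scanner")]
        for f in item.iter("File"):
            out[f.get("path").lower()] = names
    return out

def parse_combofix(text):
    """Split a ComboFix report into disabled protections, deletions, created files."""
    cf = {"disabled": [], "deleted": set(), "created": []}
    section = ""
    for line in map(str.strip, text.splitlines()):
        if (m := SECTION.match(line)):
            section = m.group(1)
        elif (m := HEADER.match(line)):
            cf["disabled"].append((m.group(1), m.group(2)))
        elif section == "Other Deletions" and re.match(r'^[a-z]:\\', line, re.I):
            cf["deleted"].add(line.lower())
        elif section.startswith("Files Created") and (m := ENTRY.match(line)):
            cf["created"].append({"created": m.group(1), "attrs": m.group(4),
                                  "path": m.group(5).lower()})
    return cf

def triage(hitman_xml, combofix_text):
    """Return (disabled protections, suspicious files with the reasons for each)."""
    flagged = flagged_paths(hitman_xml)
    cf = parse_combofix(combofix_text)
    findings = []
    for e in cf["created"]:
        reasons = []
        flags = set(e["attrs"])  # assumption: s=system, h=hidden, d=directory
        if "d" not in flags and {"s", "h"} <= flags and "\\system32\\" in e["path"]:
            reasons.append("hidden+system file in system32")
        if e["path"] in flagged and e["path"] not in cf["deleted"]:
            reasons.append("flagged by Hitman Pro, not deleted by ComboFix")
        if reasons:
            findings.append((e["path"], e["created"], reasons))
    return cf["disabled"], findings

if __name__ == "__main__":
    disabled, findings = triage(HITMAN_LOG, COMBOFIX_LOG)
    print("Protections reported disabled:", disabled)
    for path, created, reasons in findings:
        print(path, "created", created, "->", "; ".join(reasons))
```
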



#7
October 10, 2010 at 05:14:58
Re-enable your firewall.

larry



#8
October 10, 2010 at 07:00:30
Download rkill.exe and run it to kill the process.
http://www.technibble.com/rkill-rep...
Then download and run TDSSKiller.
http://support.kaspersky.com/viruse...
After that is done, run Malwarebytes doing a full scan.
http://www.filehippo.com/download_m...
That should take care of your problem.
