Google links redirecting help!!!!

July 29, 2010 at 22:52:34
Specs: Windows 7
My Google links are redirecting!!!
Have already done the pre-AV how-to from this site..
Clueless now! Please help!



#1
July 31, 2010 at 06:46:34
These 4 progs should help you:
1- Malwarebytes
2- Trojan Remover
3- Hitman Pro
4- Combofix (choose the one from bleeping computer)
You can Google for those and remove all they find. Follow the website instructions when using Combofix and you should be fine.

There are other removal tools if the above don't work for you.
There are 100s of posts about Google redirection on Computing.net

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#2
August 1, 2010 at 22:29:13
Tried the first 3 and they didn't work, so I tried ComboFix:

log file is the following:

ComboFix 10-08-01.01 - DanyoG 08/01/2010 22:08:25.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3454.2548 [GMT -7:00]
Running from: c:\users\DanyoG\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\%appdata%
F:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-02 to 2010-08-02 )))))))))))))))))))))))))))))))
.

2010-08-02 05:19 . 2010-08-02 05:21 -------- d-----w- c:\users\DanyoG\AppData\Local\temp
2010-08-02 05:19 . 2010-08-02 05:19 -------- d-----w- c:\users\Rose\AppData\Local\temp
2010-08-02 05:19 . 2010-08-02 05:19 -------- d-----w- c:\users\Mom & Dad\AppData\Local\temp
2010-08-02 05:19 . 2010-08-02 05:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-30 05:33 . 2010-07-30 05:33 -------- d-----w- c:\program files\Common Files\Java
2010-07-30 05:33 . 2010-07-17 12:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-30 02:30 . 2010-07-30 02:30 -------- d-----w- c:\users\DanyoG\AppData\Roaming\Malwarebytes
2010-07-30 02:30 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-30 02:30 . 2010-07-30 02:30 -------- d-----w- c:\programdata\Malwarebytes
2010-07-30 02:30 . 2010-07-30 02:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-30 02:30 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-30 02:23 . 2010-07-30 02:23 -------- d-----w- c:\program files\iPod
2010-07-28 06:16 . 2010-07-28 06:16 -------- d-----w- c:\users\DanyoG\AppData\Local\Gearbox Software
2010-07-28 04:13 . 2010-07-30 05:28 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-07-27 23:13 . 2010-07-29 05:14 -------- d-----w- c:\program files\Counter Strike Source
2010-07-27 07:45 . 2010-07-29 05:07 -------- d-----w- c:\program files\Valve
2010-07-24 07:46 . 2010-07-24 07:46 -------- d-----w- c:\program files\Trend Micro
2010-07-20 02:46 . 2010-07-29 07:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-20 02:46 . 2010-07-20 02:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-14 00:58 . 2010-07-14 00:58 -------- d-----w- c:\program files\AutoHotkey
2010-07-08 01:36 . 2010-07-08 01:36 -------- d-----w- c:\users\DanyoG\AppData\Roaming\DivX
2010-07-08 01:35 . 2010-07-08 01:35 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-08 01:34 . 2010-07-08 01:35 -------- d-----w- c:\program files\DivX
2010-07-08 01:34 . 2010-07-08 01:36 -------- d-----w- c:\programdata\DivX
2010-07-08 01:21 . 2010-07-08 01:21 -------- d-----w- c:\users\DanyoG\AppData\Local\HandBrake
2010-07-08 01:21 . 2010-07-08 01:21 -------- d-----w- c:\users\DanyoG\AppData\Roaming\HandBrake
2010-07-08 01:21 . 2010-07-08 01:21 -------- d-----w- c:\program files\Handbrake

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-02 04:46 . 2010-03-18 08:51 399354 ----a-w- c:\windows\system32\perfh011.dat
2010-08-02 04:46 . 2010-03-18 08:51 107160 ----a-w- c:\windows\system32\perfc011.dat
2010-08-02 04:46 . 2010-03-10 07:37 372604 ----a-w- c:\windows\system32\prfh0804.dat
2010-08-02 04:46 . 2010-03-10 07:37 105020 ----a-w- c:\windows\system32\prfc0804.dat
2010-08-02 04:27 . 2010-03-08 12:36 -------- d-----w- c:\users\DanyoG\AppData\Roaming\uTorrent
2010-08-01 08:44 . 2010-03-17 22:03 -------- d-----w- c:\users\Rose\AppData\Roaming\ArcSoft
2010-07-31 23:49 . 2010-03-11 05:18 -------- d-----w- c:\program files\Cheat Engine
2010-07-31 22:51 . 2010-05-11 02:01 -------- d-----w- c:\programdata\Mozilla Firefox
2010-07-30 05:33 . 2010-03-09 05:10 -------- d-----w- c:\program files\Java
2010-07-30 05:28 . 2010-06-14 21:44 -------- d-----w- c:\program files\iWin.com Games
2010-07-30 02:24 . 2010-04-09 08:38 -------- d-----w- c:\program files\iTunes
2010-07-30 02:23 . 2010-04-09 08:36 -------- d-----w- c:\program files\Common Files\Apple
2010-07-30 02:20 . 2010-07-30 02:20 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-29 07:30 . 2010-03-19 07:42 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-29 05:53 . 2010-03-08 11:33 355480 ----a-w- c:\users\DanyoG\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-29 03:14 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2010-07-27 07:45 . 2010-03-12 01:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-27 07:44 . 2010-03-11 22:38 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-24 07:46 . 2010-07-24 07:46 388096 ----a-r- c:\users\DanyoG\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-20 03:34 . 2010-03-19 07:41 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-07-15 05:09 . 2010-03-09 08:49 -------- d-----w- c:\programdata\Microsoft Help
2010-07-08 01:36 . 2010-07-08 01:36 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-04 04:53 . 2010-07-02 06:24 -------- d-----w- c:\programdata\WildTangent
2010-06-30 07:00 . 2010-06-30 07:00 355096 ----a-w- c:\users\Rose\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-30 00:57 . 2010-05-21 05:46 -------- d-----w- c:\program files\Activision
2010-06-30 00:41 . 2010-03-08 12:32 -------- d-----w- c:\program files\CCleaner
2010-06-30 00:23 . 2010-06-30 00:23 -------- d-----w- c:\users\DanyoG\AppData\Roaming\Publish Providers
2010-06-30 00:23 . 2010-06-30 00:10 -------- d-----w- c:\users\DanyoG\AppData\Roaming\Sony
2010-06-30 00:08 . 2010-06-30 00:08 -------- d-----w- c:\programdata\Sony
2010-06-30 00:07 . 2010-06-30 00:07 -------- d-----w- c:\program files\Sony
2010-06-23 05:13 . 2010-03-09 08:52 -------- d-----w- c:\program files\Microsoft.NET
2010-06-21 15:39 . 2010-06-21 15:39 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-21 15:39 . 2010-03-08 12:51 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-21 15:38 . 2010-03-08 12:51 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-17 21:21 . 2010-06-17 21:21 -------- d-----w- c:\program files\Bonjour
2010-06-16 23:43 . 2010-03-10 08:49 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-15 23:37 . 2010-06-15 08:28 -------- d-----w- c:\program files\AVS4YOU
2010-06-15 23:36 . 2010-06-15 08:28 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-06-15 08:29 . 2010-06-15 08:29 -------- d-----w- c:\users\DanyoG\AppData\Roaming\AVS4YOU
2010-06-15 08:29 . 2010-06-15 08:28 -------- d-----w- c:\programdata\AVS4YOU
2010-06-14 21:43 . 2010-06-14 21:43 -------- d-----r- c:\users\Mom & Dad\AppData\Roaming\Brother
2010-06-14 19:08 . 2010-06-19 01:15 545280 ----a-w- c:\users\DanyoG\AppData\Roaming\Mozilla\Firefox\Profiles\bq5rf5ap.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-06-14 19:08 . 2010-06-19 01:15 4687360 ----a-w- c:\users\DanyoG\AppData\Roaming\Mozilla\Firefox\Profiles\bq5rf5ap.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-06-14 19:08 . 2010-06-19 01:15 425984 ----a-w- c:\users\DanyoG\AppData\Roaming\Mozilla\Firefox\Profiles\bq5rf5ap.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-06-14 19:08 . 2010-06-19 01:15 152064 ----a-w- c:\users\DanyoG\AppData\Roaming\Mozilla\Firefox\Profiles\bq5rf5ap.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-06-14 19:08 . 2010-06-19 01:15 103424 ----a-w- c:\users\DanyoG\AppData\Roaming\Mozilla\Firefox\Profiles\bq5rf5ap.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-06-14 19:08 . 2010-06-19 01:15 4687872 ----a-w- c:\users\DanyoG\AppData\Roaming\Mozilla\Firefox\Profiles\bq5rf5ap.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-06-14 19:08 . 2010-06-19 01:15 57856 ----a-w- c:\users\DanyoG\AppData\Roaming\Mozilla\Firefox\Profiles\bq5rf5ap.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-06-13 23:33 . 2010-06-13 23:33 -------- d-----w- c:\program files\4Winds2
2010-06-13 08:03 . 2010-06-02 05:43 -------- d-----w- c:\program files\Texter
2010-06-13 08:03 . 2010-05-05 07:01 -------- d-----w- c:\users\DanyoG\AppData\Roaming\Rainmeter
2010-06-11 04:02 . 2010-06-09 04:38 -------- d-----w- c:\users\DanyoG\AppData\Roaming\runic games
2010-06-09 21:37 . 2010-06-09 21:37 -------- d-----w- c:\programdata\TP-LINK
2010-06-09 04:49 . 2010-03-17 06:31 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 23:21 . 2010-06-03 23:21 -------- d-----w- c:\users\DanyoG\AppData\Roaming\Leadertech
2010-06-02 11:55 . 2010-06-30 00:54 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 11:55 . 2010-06-30 00:54 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 11:55 . 2010-06-30 00:54 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-06-02 07:17 . 2010-06-02 07:17 1 ----a-w- c:\users\DanyoG\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-02 05:54 . 2010-06-02 05:54 1791 ----a-w- c:\users\DanyoG\AppData\Roaming\.purple\certificates\x509\tls_peers\bos.oscar.aol.com
2010-06-02 05:54 . 2010-06-02 05:54 1779 ----a-w- c:\users\DanyoG\AppData\Roaming\.purple\certificates\x509\tls_peers\api.oscar.aol.com
2010-06-02 05:54 . 2010-06-02 05:54 1691 ----a-w- c:\users\DanyoG\AppData\Roaming\.purple\certificates\x509\tls_peers\api.screenname.aol.com
2010-05-31 15:22 . 2010-03-08 12:51 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-27 07:24 . 2010-06-13 09:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-13 09:02 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 18:41 . 2010-06-30 00:54 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 18:41 . 2010-06-30 00:54 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 18:41 . 2010-06-30 00:54 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 18:41 . 2010-06-30 00:54 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-26 18:41 . 2010-06-30 00:54 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-25 04:58 . 2010-05-25 04:58 4 ----a-w- C:\KLSA.DAT
2010-05-23 05:55 . 2010-05-23 05:55 82726 ----a-r- c:\users\DanyoG\AppData\Roaming\Microsoft\Installer\{21E37357-9004-481C-AC61-215137E773A1}\_50D53F86DCB83ECDFDE963.exe
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-09 09:14 . 2010-06-23 05:09 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:14 . 2010-06-23 05:09 417792 ----a-w- c:\windows\system32\msdri.dll
2010-05-06 07:40 . 2010-05-06 07:40 495104 ----a-w- c:\windows\system32\sqlite3.dll
2009-11-17 05:14 . 2010-03-08 13:01 1239002 ----a-w- c:\program files\WinRAR v3.80 PRO Precracked By REZMAN1984 Setup.exe
2009-11-17 05:14 . 2010-03-08 13:01 4413 ----a-w- c:\program files\ReadMe First!!!.txt
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-21 2065760]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2010-03-18 421888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\users\DanyoG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Texter.lnk - c:\program files\Texter\texter.exe [2007-11-6 377303]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Wizard Wireless Settings.lnk - c:\program files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe [2010-6-1 282624]
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2010-3-13 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 265088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-07-13 11904]
R3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;c:\windows\system32\DRIVERS\wg121nd5.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-10 691696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-06-21 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-21 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-21 308136]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2009-12-31 1445376]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]

.
Contents of the 'Scheduled Tasks' folder

2010-07-22 c:\windows\Tasks\Hitman Pro 3.5 Boot Task.job
- c:\program files\Hitman Pro 3.5\HitmanPro35.exe [2010-07-20 16:01]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\DanyoG\AppData\Roaming\Mozilla\Firefox\Profiles\bq5rf5ap.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-F.lux - c:\users\DanyoG\Local Settings\Apps\F.lux\flux.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-Google Pinyin 2 Autoupdater - c:\program files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
AddRemove-{3BD98AAF-61B5-46E0-A6C8-593C242C7C48} - c:\program files\InstallShield Installation Information\{3BD98AAF-61B5-46E0-A6C8-593C242C7C48}\setup.exe

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86E4EB4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x85a6de88
QueryNameProcedure -> 0x85a6d018
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5840)
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FileZilla Server\FileZilla Server.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-08-01 22:27:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-02 05:27

Pre-Run: 32,983,347,200 bytes free
Post-Run: 33,399,607,296 bytes free

- - End Of File - - CD9F2EF68129712809C1C8E48BCEC681



#3
August 1, 2010 at 22:33:50
PROBLEM NOT SOLVED


#4
August 2, 2010 at 11:00:01
It's a browser hijacker virus. You should install the UnHack Me program, or do the manual fix steps as instructed here at
http://darfuns.com/remove-google-se...

TechVTS - Virus removal techniques



#5
August 2, 2010 at 17:31:07
UnHack Me / Reanimator found a rootkit but asks me to pay for a CD..


#6
August 2, 2010 at 18:09:13


#7
August 2, 2010 at 19:34:51
Try another malware tool. There are lots of free versions out there.


#8
August 2, 2010 at 21:09:40
Here's my HijackThis log.
Can anyone tell me what's good and what's bad?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:07:59 PM, on 8/2/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\Program Files\Texter\texter.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Texter.lnk = C:\Program Files\Texter\texter.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 5897 bytes



#9
August 2, 2010 at 21:38:05


#10
August 2, 2010 at 21:43:06
Well, I was told to use HijackThis, but I was also told that online script readers are faulty, so I was wondering if anyone could help.
I'm sick and tired of my links redirecting.
