Google Redirect to Central-Search

October 27, 2009 at 08:09:01
Specs: Windows Vista
All of my Google search results have been redirecting me to various domain ad sites. Recently the Google results page itself has automatically redirected to http://www.central-search.com



#1
October 27, 2009 at 16:08:20
Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2. (Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt (this will be maximized) and info.txt (this will be minimized).

Please post the contents of both logs (in separate posts) in your next reply.



#2
October 27, 2009 at 18:37:13
In running the log generator an error came up saying: "Subscript used with non-array variable." I hit OK, and the program closed.


#3
October 27, 2009 at 19:29:59
See if this tool will run.

Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

* Save both reports to your desktop
* Please include the following logs in your next reply: DDS.txt and Attach.txt



#4
October 28, 2009 at 14:48:10

DDS (Ver_09-10-26.01) - NTFSx86
Run by Nick at 13:21:11.00 on 22/10/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.2.1033.18.894.397 [GMT -6:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\SLsvc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\s3trayp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Nick\AppData\Local\Temp\uttD429.tmp.exe
C:\windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\taskeng.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\taskeng.exe
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VI5IZEPZ\dds[1].scr
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: precisead browser enhancer: {589213fc-c933-5649-69ea-59d3c89488a5} - c:\windows\system32\vehgfipnbhozo.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
uRun: [nvd32_r] rundll32.exe "c:\users\nick\appdata\roaming\unobi.dll" s
uRun: [DiskChk help] rundll32.exe "c:\programdata\proto.dll" run
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [AdobeUpdater6] "c:\program files\common files\adobe\updater6\Adobe_Updater.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [S3Trayp] S3trayp.exe -chkautorun
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [dlpusluskpnpvl] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\vehgfipnbhozo.dll"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\nick\appdata\roaming\mozilla\firefox\profiles\n8q3l9lx.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-2-22 19456]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-11-29 181760]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\VTGKModeDX32.sys [2008-3-27 780800]

=============== Created Last 30 ================

2009-10-21 23:17:34 0 d-----w- c:\program files\trend micro
2009-10-21 16:16:27 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-21 16:16:23 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-21 16:16:21 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-21 16:16:20 4096 ----a-w- c:\windows\system32\msdxm.ocx
2009-10-21 16:16:10 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-21 12:38:38 7168 ----a-w- c:\windows\system32\drivers\utuxodey.sys
2009-10-14 00:10:10 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 00:08:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-10-14 00:08:58 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-10-14 00:08:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-10-14 00:07:30 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 00:06:58 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 00:06:30 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-02 02:44:23 195440 ------w- c:\windows\system32\MpSigStub.exe

==================== Find3M ====================

2009-09-05 04:29:01 86016 ----a-w- c:\windows\inf\infstor.dat
2009-09-05 04:29:01 51200 ----a-w- c:\windows\inf\infpub.dat
2009-09-05 04:29:00 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-08-29 03:41:42 1686528 ----a-w- c:\windows\system32\gameux.dll
2009-08-29 03:40:31 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-29 01:42:52 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 01:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:31:54 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-15 23:58:19 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-08-15 23:54:25 416768 ----a-w- c:\windows\system32\IKEEXT.DLL
2009-08-15 23:54:01 543232 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2009-08-15 23:53:03 317440 ----a-w- c:\windows\system32\BFE.DLL
2009-08-15 21:30:09 22016 ----a-w- c:\windows\system32\netiougc.exe
2009-08-14 16:40:56 103936 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:40:52 15360 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:25:18 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:25:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:25:15 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:25:14 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:25:10 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:25:10 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:25:10 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-05 14:28:45 3502152 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-05 14:28:44 3467864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-05-06 17:41:59 174 --sha-w- c:\program files\desktop.ini
2009-05-06 17:30:38 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-19 13:49:01 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-19 13:49:01 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-19 13:49:01 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-19 13:49:01 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-04-08 09:22:57 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 13:23:28.28 ===============



#5
October 28, 2009 at 14:49:03

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 01/01/2002 1:17:22 AM
System Uptime: 21/10/2009 1:53:45 PM (24 hours ago)

Motherboard: Hewlett-Packard | | 3030
Processor: VIA C7-M Processor 1200MHz | CPU 1 | 1200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 140 GiB total, 45.015 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 2.588 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP150: 25/09/2009 2:27:01 AM - Scheduled Checkpoint
RP151: 25/09/2009 7:39:47 PM - Windows Update
RP152: 01/10/2009 8:43:02 PM - Windows Update
RP153: 06/10/2009 7:10:17 PM - Windows Update
RP154: 13/10/2009 6:02:29 PM - Windows Update
RP155: 16/10/2009 3:02:07 AM - Windows Update
RP156: 20/10/2009 7:29:33 PM - Scheduled Checkpoint
RP157: 21/10/2009 10:13:25 AM - Windows Update
RP158: 22/10/2009 3:00:33 AM - Windows Update

==== Installed Programs ======================

2007 Microsoft Office system
32 Bit HP BiDi Channel Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AOL Toolbar 5.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Installer 4.00.B14
µTorrent
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)
Atualização do produto Microsoft Office Word 2007 Help (KB963665)
Bonjour
Contextual Tool Precisead
dBpoweramp FLAC Codec
dBpoweramp Music Converter
ESU for Microsoft Vista
FLAC 1.2.1b (remove only)
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP 3D DriveGuard
HP Active Support Library
HP Compaq 2133 Mini-Notebook PC Tour
HP Doc Viewer
HP Help and Support
HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
HP Quick Launch Buttons 6.40 B2
HP Update
HP User Guides 0089
HPNetworkAssistant
InterVideo DVD Check
iPhone Configuration Utility
iTunes
Java(TM) 6 Update 11
LimeWire 5.1.3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (French) 2007
Microsoft Office Access MUI (Portuguese (Brazil)) 2007
Microsoft Office Access MUI (Spanish) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel 2007 Help Actualización (KB963678)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2007 Help Actualización (KB963677)
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
Microsoft Office Outlook MUI (Spanish) 2007
Microsoft Office Powerpoint 2007 Help Actualización (KB963669)
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
Microsoft Office Publisher MUI (Spanish) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007 Help Actualización (KB963665)
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Spanish) 2007
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
Monkey's Audio
Mozilla Firefox (3.5.2)
Photoboof
Platform
Pocket RAR documentation
QuickTime
RON Too1 Precisead
Search Assistant Precisead
Security Update for 2007 Microsoft Office System (KB951944)
SoundConverter
SoundMAX
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB974810)
UseNeXT
VIA Chrome9 HC IGP Family Display
VIA Display Vista Driver 7.14.14.0048
VIA Platform Device Manager
Virtual DJ - Atomix Productions
Vista Default Settings
Windows Live Messenger
WinRAR archiver
Xiph QuickTime Components

==== Event Viewer Messages From Past Week ========

22/10/2009 3:00:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
21/10/2009 5:00:50 AM, Error: Microsoft-Windows-WPD-MTPClassDriver [15300] - MTP WPD Driver has failed to start. Error 0x80070002.
21/10/2009 12:32:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
16/10/2009 4:34:27 AM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by +526642 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.232.182:123) is working properly.
16/10/2009 3:00:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
16/10/2009 3:00:14 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

==== End Of File ===========================



#6
October 28, 2009 at 19:42:17
A good bit to do.

First you need to uninstall two programs to prevent reinfection before we can get the computer clean. These programs are LimeWire and uTorrent; both are known to harbor spyware. To remove them, navigate to Control Panel > Programs and Features, scroll down to them one at a time, right-click, and click Uninstall.

Your Java is out of date and may have been exploited.
Download the latest version of Java from this link: Java
Click on the JRE 6 Update 16 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.

The infection is precisionad; let's run a few removal tools.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy and paste the entire report in your next reply.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to toolb.exe in the filename box, then click Save.

Combofix is a powerful tool, so follow the instructions exactly or you could damage your computer. Install the recovery console when asked. When Combofix begins to run, do not move the mouse or the computer could hang.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

To run Combofix with Vista you will need to right click the Combofix icon, then click "Run as administrator". Also, if Combofix does not run, boot into Safe Mode, then try to run it again.

To get into the Windows Vista Safe Mode, as the computer is booting press and hold your "F8 Key", which should bring up the "Windows Advanced Options Menu". Use your arrow keys to select "Safe Mode" and press your Enter key.

Please post the Malwarebytes log and the Combofix log.


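An added triage example (not part of the original thread, and not how DDS or the helper works): it parses the "Pseudo HJT Report" lines from the DDS.txt in post #4 and flags Run values that load a DLL through rundll32.exe or regsvr32.exe, BHOs whose file is missing, and BHOs whose DLL is re-registered by such a Run value. The heuristics and the function name `triage` are assumptions chosen for illustration; a flag means "review this entry", not a verdict.

```python
import re

# Sample input embedded inline: a subset of lines copied unmodified from the
# "Pseudo HJT Report" section of the DDS.txt log posted in this thread.
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: precisead browser enhancer: {589213fc-c933-5649-69ea-59d3c89488a5} - c:\windows\system32\vehgfipnbhozo.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
uRun: [nvd32_r] rundll32.exe "c:\users\nick\appdata\roaming\unobi.dll" s
uRun: [DiskChk help] rundll32.exe "c:\programdata\proto.dll" run
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [dlpusluskpnpvl] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\vehgfipnbhozo.dll"
"""

# DDS prefixes: "u" = current-user hive (HKCU), "m" = machine hive (HKLM).
RUN_RE = re.compile(r'^([um])Run: \[(.+?)\] (.+)$')
BHO_RE = re.compile(r'^BHO: (?:(.*?): )?(\{[0-9A-Fa-f-]+\}) - (.+)$')
# Command whose executable is one of the two DLL-loading system utilities.
LAUNCHER_RE = re.compile(r'^"?(?:[a-z]:\\[^" ]*\\)?(rundll32|regsvr32)\.exe\b', re.I)
DLL_RE = re.compile(r'([a-z]:\\[^"]+?\.dll)', re.I)
# Assumed list of directories a standard user (or any installer) can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")


def triage(log_text):
    """Return a list of findings (dicts) for autorun and BHO lines worth review."""
    runs, bhos = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            hive = "HKCU" if m.group(1) == "u" else "HKLM"
            runs.append((hive, m.group(2), m.group(3)))
            continue
        m = BHO_RE.match(line)
        if m:
            bhos.append((m.group(1) or m.group(2), m.group(3)))

    findings = []
    launched = {}  # lowercase DLL path -> name of the Run value that loads it
    for hive, name, cmd in runs:
        launcher, dll = LAUNCHER_RE.match(cmd), DLL_RE.search(cmd)
        if not (launcher and dll):
            continue
        path = dll.group(1).lower()
        launched[path] = name
        reasons = [f"{hive} Run value loads a DLL through {launcher.group(1).lower()}.exe"]
        if any(d in path for d in USER_WRITABLE):
            reasons.append("DLL sits in a user-writable directory")
        findings.append({"kind": "run", "name": name, "path": path, "reasons": reasons})

    # Second pass: BHOs are listed before Run values, so cross-reference afterwards.
    for name, target in bhos:
        if target == "No File":
            findings.append({"kind": "bho", "name": name, "path": None,
                             "reasons": ["BHO is registered but its file is missing"]})
        elif target.lower() in launched:
            run_name = launched[target.lower()]
            findings.append({"kind": "bho", "name": name, "path": target.lower(),
                             "reasons": [f"BHO DLL is re-registered at logon by Run value '{run_name}'"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['name']}: {'; '.join(f['reasons'])}")
```
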
