results.5.google.com help please..

Compaq / Rx896aa-aba sr5030nx
June 6, 2010 at 14:08:03
Specs: Microsoft Windows XP Professional, 3.2 GHz / 1015 MB
I don't know what this is.. and how to remove it. I need some serious assistance, it's really annoying. Whenever I try to search something on Google it just redirects me to "results.5.google." and ends up leading me to some ad site. Another symptom is I cannot download ANYTHING, I mean anything, from Microsoft's site. :\



#1
June 6, 2010 at 14:55:03
Run all these scans and see if they remove the problem; you can Google for them:
1- Malwarebytes
2- Trojan Remover
3- Hitman Pro

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#2
June 6, 2010 at 18:27:01
I've run Malwarebytes "flash scan" and I found something finally. Here's my log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4173

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/6/2010 3:29:43 PM
mbam-log-2010-06-06 (15-29-43).txt

Scan type: Flash scan
Objects scanned: 96677
Time elapsed: 1 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{25c8c9e3-c6ea-456a-938a-e532b23e2f57}\NameServer (Trojan.DNSChanger) -> Data: 93.188.166.105,93.188.161.105 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thing is, I'm still getting redirected and I still CAN'T download from Microsoft at ALL. =\ Trojan Remover came up with nothing; same thing with Hitman Pro.
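Added example (not part of the thread and not any poster's code): the Malwarebytes log above flags the `NameServer` value under `Tcpip\Parameters\Interfaces\{GUID}`. The Python below audits saved `reg query` output for every `NameServer` and `DhcpNameServer` value under `Tcpip\Parameters` and reports resolvers outside a trusted list. The trusted address 192.168.1.1, the second interface GUID and the sample layout are constructed assumptions; only the first interface's `NameServer` data comes from the log.

```python
import ipaddress
import re

# Constructed sample of the output of:
#   reg query "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /s
# The NameServer data on the first interface is the value quoted in the
# Malwarebytes log; the all-zero GUID and 192.168.1.1 are made up.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    Hostname    REG_SZ    desktop
    NameServer    REG_SZ
    DhcpNameServer    REG_SZ    192.168.1.1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{25c8c9e3-c6ea-456a-938a-e532b23e2f57}
    EnableDHCP    REG_DWORD    0x1
    NameServer    REG_SZ    93.188.166.105,93.188.161.105
    DhcpNameServer    REG_SZ    192.168.1.1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}
    EnableDHCP    REG_DWORD    0x1
    DhcpNameServer    REG_SZ    93.188.166.105 93.188.161.105
"""

KEY_RE = re.compile(r"^(HKEY_[A-Z_]+\\.*)$")
# Only the two resolver values matter; data may be empty (no static DNS set).
VALUE_RE = re.compile(
    r"^\s+(NameServer|DhcpNameServer)\s+REG_SZ[ \t]*(.*)$", re.IGNORECASE
)


def parse_dns_values(reg_output):
    """Yield (key, value_name, [addresses]) for each non-empty resolver value."""
    key = None
    for line in reg_output.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).strip()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            # NameServer is comma separated, DhcpNameServer space separated.
            addrs = [a for a in re.split(r"[,\s]+", m.group(2).strip()) if a]
            if addrs:
                yield key, m.group(1), addrs


def audit(reg_output, trusted):
    """Return (key, value_name, address, reason) for each untrusted resolver."""
    trusted_ips = {ipaddress.ip_address(t) for t in trusted}
    findings = []
    for key, name, addrs in parse_dns_values(reg_output):
        source = "static" if name.lower() == "nameserver" else "DHCP-supplied"
        for addr in addrs:
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                findings.append((key, name, addr, "not an IP address"))
                continue
            if ip not in trusted_ips:
                findings.append(
                    (key, name, addr, source + " resolver not in trusted list")
                )
    return findings


if __name__ == "__main__":
    # Assumption: the only resolver this machine should use is the router.
    for key, name, addr, reason in audit(SAMPLE_REG_QUERY, ["192.168.1.1"]):
        print(f"{addr:<16} {name:<15} {reason}\n    {key}")
```

A cleaned static `NameServer` value does not clear a `DhcpNameServer` value, which is rewritten from whatever the DHCP server hands out at the next lease, so both are reported per interface.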



#3
June 6, 2010 at 21:54:49
Any suggestions ? =\


#4
June 7, 2010 at 06:24:10


#5
June 7, 2010 at 16:50:48
I've scanned and it did some stuff. Here is my log if needed:

ComboFix 10-06-07.03 - Anthony Thai 06/07/2010 16:30:15.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.634 [GMT -7:00]
Running from: c:\documents and settings\Anthony Thai\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Anthony Thai\Application Data\inst.exe
c:\windows\system\WINSPOOL.DRV
c:\windows\system32\vb40016.dll
c:\windows\system32\vb40032.dll

c:\windows\system32\msgsvc.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
.

2010-06-07 13:46 . 2010-06-07 13:47 -------- d-----w- c:\documents and settings\Anthony Thai\Local Settings\Application Data\ApplicationHistory
2010-06-07 13:44 . 2010-06-07 13:51 -------- d-----w- c:\windows\ie8updates
2010-06-07 13:27 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-06-07 13:26 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-06-07 13:26 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-06-07 13:26 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-06-07 13:26 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-06-07 13:26 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-06-07 13:24 . 2010-06-07 13:55 -------- d--h--w- c:\windows\$hf_mig$
2010-06-07 01:30 . 2010-06-07 03:33 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-07 01:29 . 2010-06-07 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-06-07 01:29 . 2010-06-07 01:29 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-06-06 23:27 . 2006-06-19 19:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-06-06 23:27 . 2006-05-25 21:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-06-06 23:27 . 2005-08-26 07:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-06-06 23:27 . 2003-02-03 02:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-06-06 23:27 . 2002-03-06 07:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-06-06 23:27 . 2010-06-06 23:27 -------- d-----w- c:\program files\Trojan Remover
2010-06-06 23:27 . 2010-06-06 23:27 -------- d-----w- c:\documents and settings\Anthony Thai\Application Data\Simply Super Software
2010-06-06 23:27 . 2010-06-06 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-06-06 23:15 . 2010-06-06 23:15 -------- d-----w- c:\documents and settings\Anthony Thai\Local Settings\Application Data\Installer1028
2010-06-06 23:04 . 2010-06-06 23:04 -------- d-----w- c:\documents and settings\Anthony Thai\Local Settings\Application Data\Installer568
2010-06-06 22:21 . 2010-06-06 22:21 -------- d-----w- c:\documents and settings\Anthony Thai\Application Data\Malwarebytes
2010-06-06 22:21 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-06 22:21 . 2010-06-06 22:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-06 22:21 . 2010-06-06 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-06 22:21 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-06 07:42 . 2007-02-20 23:04 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe
2010-06-06 07:42 . 2007-02-20 23:04 2463976 ----a-w- c:\windows\system32\NPSWF32.dll
2010-06-06 00:18 . 2010-06-06 00:18 -------- d-----w- c:\documents and settings\Anthony Thai\Application Data\Publish Providers
2010-06-06 00:12 . 2010-06-06 00:18 -------- d-----w- c:\documents and settings\Anthony Thai\Application Data\Sony
2010-06-06 00:12 . 2010-06-06 00:12 -------- d-----w- c:\documents and settings\Anthony Thai\Local Settings\Application Data\Sony
2010-06-06 00:09 . 2010-06-06 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2010-06-06 00:09 . 2010-06-06 00:09 -------- d-----w- c:\program files\Sony
2010-06-05 21:20 . 2010-06-05 21:20 -------- d-----w- c:\program files\Common Files\WoWGasm
2010-06-05 19:53 . 2010-06-05 20:03 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-06-05 19:53 . 2010-06-05 20:13 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-06-05 19:53 . 2010-06-05 19:53 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-05 19:53 . 2010-06-05 19:53 -------- d-----w- c:\documents and settings\Anthony Thai\Local Settings\Application Data\PunkBuster
2010-06-05 04:39 . 2010-06-07 03:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-05 04:24 . 2010-06-05 04:24 -------- d-----w- C:\GamepotUSA
2010-06-02 03:01 . 2010-06-02 03:01 -------- d-----w- c:\program files\Common Files\Macromedia
2010-06-02 03:00 . 2010-06-02 03:00 -------- d-----w- c:\program files\Macromedia
2010-06-02 02:59 . 2010-06-02 02:59 -------- d-----w- c:\windows\Downloaded Installations
2010-06-01 21:49 . 2010-06-01 21:49 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-06-01 21:49 . 2010-06-01 21:52 -------- d-----w- c:\documents and settings\All Users\Microsoft
2010-06-01 21:49 . 2010-06-01 21:49 -------- d-----w- c:\program files\Microsoft.NET
2010-06-01 21:49 . 2010-06-01 21:49 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-06-01 21:49 . 2010-06-01 21:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-01 21:48 . 2010-06-01 21:48 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-06-01 21:46 . 2010-06-01 21:50 -------- d-----w- c:\windows\SHELLNEW
2010-06-01 21:46 . 2010-06-01 21:46 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-06-01 21:45 . 2010-06-01 21:45 -------- d-----w- c:\documents and settings\Anthony Thai\Local Settings\Application Data\Microsoft Help
2010-06-01 21:45 . 2010-06-02 05:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-01 21:45 . 2010-06-01 21:45 -------- d-----r- C:\MSOCache
2010-06-01 02:57 . 2010-06-05 17:28 -------- d-----w- c:\program files\TalismanOnline
2010-05-31 22:35 . 2010-05-31 22:35 -------- d-----w- c:\program files\AeriaGames
2010-05-31 20:55 . 2010-06-01 08:18 -------- d-----w- C:\FarmVilleBot_2.1
2010-05-31 16:02 . 2010-05-31 16:02 -------- d-----w- c:\documents and settings\Anthony Thai\Application Data\NPLUTO Corporation
2010-05-31 15:46 . 2010-05-31 15:54 -------- d-----w- c:\windows\system32\Adobe
2010-05-31 15:31 . 2010-05-31 23:45 -------- d-----w- c:\program files\DriftCity
2010-05-30 17:56 . 2010-06-01 02:35 -------- d-----w- c:\documents and settings\Anthony Thai\Application Data\NeopleLauncherDFO
2010-05-30 17:49 . 2010-05-30 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
2010-05-30 17:18 . 2010-06-05 08:03 -------- d-----w- c:\documents and settings\Anthony Thai\Local Settings\Application Data\PMB Files
2010-05-30 17:18 . 2010-06-05 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-05-30 17:18 . 2010-05-30 17:18 -------- d-----w- c:\program files\Pando Networks
2010-05-29 20:11 . 2010-05-29 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-05-29 20:11 . 2010-05-29 20:12 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-29 20:11 . 2010-04-03 22:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-05-29 20:10 . 2010-04-03 22:55 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-05-29 20:10 . 2010-04-03 22:55 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-05-29 20:10 . 2010-04-03 22:55 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-05-29 20:10 . 2010-04-03 22:55 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-05-29 17:37 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-05-29 17:37 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-05-29 17:36 . 2010-05-29 17:36 -------- d-----w- c:\program files\iPod
2010-05-29 08:28 . 2005-01-02 03:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-05-29 08:28 . 2010-05-29 08:28 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-05-29 05:46 . 2010-05-29 05:46 -------- d-----w- C:\ijji
2010-05-29 05:15 . 2010-05-30 22:52 -------- d--h--w- c:\documents and settings\Anthony Thai\Application Data\ijjigame
2010-05-28 06:03 . 2010-01-02 06:32 10752 ----a-w- C:\irecovery.exe
2010-05-28 06:03 . 2005-03-08 08:18 229888 ----a-w- C:\readline5.dll
2010-05-28 05:24 . 2009-07-08 01:53 28160 ----a-w- c:\windows\system32\drivers\libusb0.sys
2010-05-28 05:24 . 2009-07-08 01:52 41984 ----a-w- c:\windows\system32\libusb0.dll
2010-05-28 05:23 . 2010-05-28 05:23 124310 ----a-w- C:\irecovery-0.3.2-win32.zip
2010-05-27 04:00 . 2010-05-27 04:00 18588 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-27 03:51 . 2010-05-27 04:04 -------- d-----w- c:\documents and settings\Anthony Thai\Application Data\Apple Computer
2010-05-27 03:50 . 2010-05-27 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-27 03:50 . 2010-05-29 17:37 -------- d-----w- c:\program files\iTunes
2010-05-27 03:50 . 2010-05-27 03:50 -------- d-----w- c:\program files\Apple Software Update
2010-05-27 03:49 . 2010-05-29 17:37 -------- dc----w- c:\windows\system32\DRVSTORE
2010-05-27 03:49 . 2010-04-16 15:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-05-27 03:49 . 2010-04-16 15:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-05-25 04:02 . 2010-05-25 04:02 0 ----a-w- c:\documents and settings\Anthony Thai\jagex__preferences3.dat
2010-05-25 04:02 . 2010-06-03 04:13 87 ----a-w- c:\documents and settings\Anthony Thai\jagex_runescape_preferences2.dat
2010-05-25 04:01 . 2010-06-03 03:17 42 ----a-w- c:\documents and settings\Anthony Thai\jagex_runescape_preferences.dat
2010-05-25 04:01 . 2010-05-25 04:03 -------- d-----w- c:\windows\.jagex_cache_32
2010-05-25 03:58 . 2010-05-25 03:58 -------- d-----w- c:\program files\Common Files\Java
2010-05-25 03:58 . 2010-05-25 03:58 -------- d-----w- c:\program files\Sun
2010-05-25 03:57 . 2010-05-25 03:57 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-25 03:48 . 2010-05-25 17:30 -------- d-----w- c:\documents and settings\Anthony Thai\Local Settings\Application Data\Conduit
2010-05-25 03:48 . 2010-05-25 21:26 -------- d-----w- c:\documents and settings\Anthony Thai\Local Settings\Application Data\Softonic-Eng7
2010-05-25 03:48 . 2010-05-25 03:48 -------- d-----w- c:\program files\Conduit
2010-05-25 03:48 . 2010-05-25 03:48 -------- d-----w- c:\program files\MSECache
2010-05-25 03:37 . 2010-06-07 23:39 -------- d-----w- c:\documents and settings\Anthony Thai\Local Settings\Application Data\TSVNCache
2010-05-25 03:36 . 2010-05-25 03:36 -------- d-----w- c:\documents and settings\Anthony Thai\Application Data\TortoiseSVN
2010-05-25 03:35 . 2010-05-25 03:35 -------- d-----w- c:\documents and settings\Anthony Thai\Application Data\Subversion
2010-05-25 03:35 . 2010-05-25 03:35 -------- d-----w- c:\program files\TortoiseSVN
2010-05-25 03:35 . 2010-05-25 03:35 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2010-05-24 19:10 . 2010-06-05 19:53 -------- d-----w- c:\windows\system32\LogFiles
2010-05-23 15:27 . 2010-05-23 15:27 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-23 15:26 . 2010-05-23 15:26 -------- d-----w- c:\documents and settings\Anthony Thai\Local Settings\Application Data\Blizzard Entertainment
2010-05-23 07:19 . 2010-05-23 07:19 611064 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-23 03:14 . 2010-06-02 13:58 -------- d-----w- c:\documents and settings\Anthony Thai\Application Data\U3
2010-05-23 01:08 . 2010-05-29 20:07 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-22 22:01 . 2010-05-22 22:01 -------- d-----w- c:\program files\Common Files\xing shared
2010-05-22 22:01 . 2010-05-22 22:01 -------- d-----w- c:\program files\Real
2010-05-22 22:01 . 2010-05-22 22:02 -------- d-----w- c:\program files\Common Files\Real
2010-05-22 04:31 . 2010-05-29 20:04 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-22 04:31 . 2010-05-29 20:04 -------- d-----w- c:\documents and settings\Anthony Thai\Application Data\SystemRequirementsLab
2010-05-22 04:31 . 2010-05-22 04:31 -------- d-----w- c:\windows\Sun
2010-05-22 01:38 . 2010-06-07 23:40 -------- d-----w- c:\program files\Steam
2010-05-22 01:37 . 2010-05-29 03:05 -------- d-----w- c:\documents and settings\Anthony Thai\Local Settings\Application Data\Temp
2010-05-22 01:37 . 2010-05-22 01:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-05-22 01:32 . 2010-05-22 01:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 02:59 . 2010-05-16 21:24 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-01 21:50 . 2010-05-16 20:54 -------- d-----w- c:\program files\MSBuild
2010-05-29 05:11 . 2010-05-29 05:11 -------- d-----w- c:\program files\ijji
2010-05-22 22:01 . 2010-05-16 20:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-21 02:45 . 2010-05-16 20:45 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-19 03:52 . 2010-05-16 20:42 -------- d-----w- c:\program files\Unlocker
2010-05-18 05:19 . 2010-05-18 05:19 47360 ----a-w- c:\documents and settings\Anthony Thai\Application Data\pcouffin.sys
2010-05-17 05:09 . 2010-05-16 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-05-16 21:56 . 2010-05-16 21:50 -------- d-----w- c:\documents and settings\Anthony Thai\Application Data\Yahoo!
2010-05-16 21:56 . 2010-05-16 21:56 -------- d-----w- c:\program files\Alwil Software
2010-05-16 21:56 . 2010-05-16 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-16 21:53 . 2010-05-16 21:51 -------- d-----w- c:\documents and settings\Anthony Thai\Application Data\acccore
2010-05-16 21:51 . 2010-05-16 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-05-16 21:51 . 2010-05-16 21:51 -------- d-----w- c:\program files\AIM
2010-05-16 21:51 . 2010-05-16 21:51 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-05-16 21:51 . 2010-05-16 21:51 -------- d-----w- c:\program files\Common Files\AOL
2010-05-16 20:54 . 2010-05-16 20:54 -------- d-----w- c:\program files\Reference Assemblies
2010-05-16 20:49 . 2010-05-16 20:49 -------- d-----w- c:\program files\microsoft frontpage
2010-05-16 20:45 . 2010-05-16 20:45 -------- d-----w- c:\program files\hkSFV
2010-05-16 20:44 . 2010-05-16 20:44 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-16 20:42 . 2010-05-16 20:42 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-16 20:42 . 2010-05-16 20:42 -------- d-----w- c:\program files\Utilities
2010-05-16 20:41 . 2010-05-16 20:41 -------- d-----w- c:\program files\Desktop
2010-05-06 20:59 . 2010-05-16 21:56 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2010-05-16 21:56 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-08 20:20 . 2010-04-08 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20 . 2010-04-08 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-04 02:23 . 2010-04-04 02:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-04 02:23 . 2010-04-04 02:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-04 02:23 . 2010-04-04 02:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-04 02:23 . 2010-04-04 02:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-04 02:23 . 2010-04-04 02:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-04 02:22 . 2010-04-04 02:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 22:55 . 2010-05-16 13:38 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-04-03 22:55 . 2010-05-16 13:38 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55 . 2008-05-16 21:01 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 22:55 . 2008-05-16 21:01 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-03 22:55 . 2008-05-16 21:01 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 22:55 . 2008-05-16 21:01 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-03 22:55 . 2008-05-16 21:01 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-03-24 23:57 . 2010-05-29 05:11 713312 ----a-w- c:\windows\system32\ijjiSetup.exe
2010-03-24 23:56 . 2010-05-29 05:11 62048 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2010-03-24 23:56 . 2010-05-29 05:11 57952 ----a-w- c:\windows\system32\ijjiPlugin2.dll
2010-03-24 23:56 . 2010-05-29 05:11 86624 ----a-w- c:\windows\system32\ijjiChannelingPlugin.dll
2010-03-16 18:59 . 2010-05-29 05:11 9728 ----a-w- c:\windows\system32\uc_karos_launching.dll
2010-03-16 18:59 . 2010-05-29 05:11 75264 ----a-w- c:\windows\system32\uc_holybeast_launching.dll
2010-03-16 18:59 . 2010-05-29 05:11 64000 ----a-w- c:\windows\system32\uc_sfighters_launching.dll
2010-03-16 18:59 . 2010-05-29 05:11 61440 ----a-w- c:\windows\system32\uc_atlantica_launching.dll
2010-03-16 18:59 . 2010-05-29 05:11 53248 ----a-w- c:\windows\system32\uc_luminary_launching.dll
2010-03-16 18:59 . 2010-05-29 05:11 427008 ----a-w- c:\windows\system32\uc_wepic_launching.dll
2010-03-16 18:59 . 2010-05-29 05:11 208384 ----a-w- c:\windows\system32\uc_rohan_launching.dll
2010-03-16 18:59 . 2010-05-29 05:11 147456 ----a-w- c:\windows\system32\uc_neosteam_launching.dll
2010-03-10 06:15 . 2002-12-31 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-04-08 23:05 739688 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-05-11 5252408]
"Aim"="c:\program files\AIM\aim.exe" [2010-04-19 3972440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-21 39408]
"Steam"="c:\program files\Steam\Steam.exe" [2010-05-22 1238352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2002-12-31 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16264192]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-22 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-04-26 58216]
"GrooveMonitor"="c:\progra~1\MICROS~2\Office14\GROOVEMN.EXE" [2009-04-26 875392]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-02-28 1165192]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-06-07 5937984]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
OfficeSAS.lnk - c:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-4-8 122264]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\lejendx\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ijji\\ijji REACTOR\\REACTOR.exe"=
"c:\\Program Files\\ijji\\ijji REACTOR\\ijjiOptimizer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\ijji\\ijji REACTOR\\OutBound_Pul.exe"=
"c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\lejendx\\age of chivalry\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58838:TCP"= 58838:TCP:Pando Media Booster
"58838:UDP"= 58838:UDP:Pando Media Booster

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/23/2010 12:19 AM 611064]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/16/2010 2:56 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/16/2010 2:56 PM 19024]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/6/2010 3:21 PM 304464]
R2 osppsvc;Office Software Protection Platform;c:\windows\system32\OSPPSVC.EXE [4/8/2009 3:37 PM 4319136]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/6/2010 3:21 PM 20952]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/21/2010 6:32 PM 135664]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [5/27/2010 10:24 PM 28160]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [4/25/2009 6:18 PM 33480048]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASPI32

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FC88681F-4735-4f2f-9514-C21BAC737CF8}]
2002-12-31 12:00 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-06-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-22 01:31]

2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-22 01:31]

2010-06-07 c:\windows\Tasks\Install.job
- c:\windows\system32\Macromed\Shockwave 10\nssstub.exe [2010-06-05 05:35]

2010-06-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-861567501-2025429265-1606980848-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

2010-06-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-861567501-2025429265-1606980848-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = www.ijji.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: S&end to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\Anthony Thai\Application Data\Mozilla\Firefox\Profiles\v1adwtj3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\Anthony Thai\Application Data\Mozilla\Firefox\Profiles\v1adwtj3.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Anthony Thai\Application Data\Mozilla\Firefox\Profiles\v1adwtj3.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
BHO-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
Toolbar-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
HKLM-Run-nwiz - nwiz.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-07 16:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(528)
c:\windows\system32\WININET.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WgaTray.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-06-07 16:48:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-07 23:48

Pre-Run: 86,265,376,768 bytes free
Post-Run: 87,409,381,376 bytes free

- - End Of File - - 92AFCEF6A02D8F93D70625D87410B930



#6
June 7, 2010 at 22:05:38
I had been dealing with this for a few days, running scan after scan, until finally I reset my router using the reset hole in the back of the router. On some routers you have to hold that reset button for thirty seconds or so. After that, reset your modem too. If you do this successfully, then you should get rid of this nagging results5.google.com crap!!!!


#7
August 25, 2010 at 11:58:49
This is one very annoying problem. I too had real issues clearing this one. Try flushing your DNS and deleting your restore points (which can be infected too).
Reset your router manually with the reset button - hold for a while for reset.

This virus also stops updates of antivirus programs, making detection impossible. If you have any free editions of antimalware or superantivirus free ed., they will eliminate it on reinstallation. I also found that this virus changes your DNS to a Russian server, so I had to re-enter manual DNS settings, which I got from my ISP.

Good luck


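The DNS check that replies #6 and #7 point toward, as an added example that is not part of any post in this thread: a Python audit of the per-interface `NameServer` and `DhcpNameServer` values, read from registry text in `.reg` export style, against a list of resolvers you trust. The sample export, the second interface GUID and the trusted list are constructed assumptions; the first GUID and the two 93.188.x.x addresses are the ones in the Malwarebytes log earlier in the thread.

```python
import ipaddress
import re

# Constructed sample in .reg export style. The first interface GUID and the
# two 93.188.x.x resolvers come from the Malwarebytes log earlier in this
# thread; the second interface and the 192.0.2.x addresses are made up.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{25c8c9e3-c6ea-456a-938a-e532b23e2f57}]
"NameServer"="93.188.166.105,93.188.161.105"
"DhcpNameServer"="192.168.1.1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}]
"NameServer"=""
"DhcpNameServer"="192.0.2.53 192.0.2.54"
'''

# Assumption: the resolvers you expect (router LAN address, ISP-issued range).
TRUSTED = [ipaddress.ip_network(n) for n in ("192.168.1.1/32", "192.0.2.0/24")]
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"(NameServer|DhcpNameServer)"="(.*)"$', re.IGNORECASE)


def audit_dns(export_text, trusted=TRUSTED):
    """Return (interface, value_name, resolver) for every untrusted resolver."""
    findings, interface = [], None
    for line in map(str.strip, export_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            interface = key.group(1).rsplit("\\", 1)[-1]  # keep only the GUID
            continue
        value = VALUE_RE.match(line)
        if not value or interface is None:
            continue
        name, data = value.groups()
        # Accept both comma-separated and space-separated resolver lists.
        for token in data.replace(",", " ").split():
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                findings.append((interface, name, token))  # not an IP: flag it
                continue
            if not any(addr in net for net in trusted):
                findings.append((interface, name, token))
    return findings


if __name__ == "__main__":
    for iface, name, resolver in audit_dns(SAMPLE_EXPORT):
        print(f"{iface} {name}: unexpected resolver {resolver}")
```

An unexpected address under `DhcpNameServer` rather than `NameServer` points at whatever is answering DHCP, usually the router, which is the case the router reset in #6 addresses.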

#8
August 25, 2010 at 16:06:20
Hello legends, welcome back =]..Haha. Try following this tutorial here: http://www.computing.net/howtos/sho...

Helpful tips before getting started: http://www.computing.net/howtos/sho...

