Google Redirect? [Solved]


  • This topic is locked

#16
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I want you to reset Firefox back to defaults. To do this, I need you to do the following:

  • At the top of the Firefox window, click the "Firefox" button.
  • Go over to the "Help" sub-menu
    • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • Click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.

Restart the computer and check Firefox for me now.

Gringo

#17
tcl322

    Member

  • Topic Starter
  • 24 posts
I reset FF. I think all of my add-ons are gone. When searching in Google, I got no redirects. The Google toolbar still does not work, but I may have messed that up trying to fix it myself. I had googled how to fix it and was told to delete two files, which I did. It didn't do anything, but I don't know if that would have anything to do with it. When I go to what was my homepage I see this:
You have requested an encrypted page that contains some unencrypted information. Information that you see or enter on this page could easily be read by a third party.

While I was browsing on Google, a warning popped up stating:
Add-ons may be causing problems
Firefox has determined that the following add-ons are known to cause stability or security problems: Java™ SE 6 U26

So I disabled that and restarted Firefox.

#18
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
I think you will have to reinstall Firefox to get it working.

I want you to uninstall it, and if asked about user data or settings, then remove that also.

Restart the computer and reinstall Firefox.



gringo

#19
tcl322

    Member

  • Topic Starter
  • 24 posts
Ok...I have a few questions if you have the time.

Do you think the virus is gone?

I was using Webroot at the time I got the virus. That has since expired. I now have Spybot, Superantispyware, and Malwarebytes. Do I need any other type of program to be better protected? A firewall maybe?

This time it seemed like only FF was affected. Do I need to have all programs and browsers closed when I am scanning with these tools or can I be doing stuff?

Should I delete everything that you told me to download?

Thank you so much for your help.

#20
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Do you think the virus is gone? - Yes, at this time it appears to be gone.

I was using Webroot at the time I got the virus. That has since expired. I now have Spybot, Superantispyware, and Malwarebytes. Do I need any other type of program to be better protected? A firewall maybe? - All of those programs are antispyware programs, and what you need now is an antivirus program. I would check out MSE from Microsoft.

This time it seemed like only FF was affected. Do I need to have all programs and browsers closed when I am scanning with these tools or can I be doing stuff? - When you are actively scanning, the more that is closed the better.

Should I delete everything that you told me to download? - I will do this when we are done.

Did you reinstall Firefox, and how are things working?


gringo

#21
tcl322

    Member

  • Topic Starter
  • 24 posts
I have tried a couple of times and waited a while. I go to Programs and Features under the Control Panel and click Uninstall and nothing happens. Trying again now.

#22
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Try using this:

  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, click on xxxxx and choose Uninstall.
  • When prompted, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run; when prompted again, click Yes > Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Next > Yes.
  • Once done, click Finish.

#23
tcl322

    Member

  • Topic Starter
  • 24 posts
Ok I did all that. Rebooted and FF is still here. There was no xxxxxx and I selected Mozilla FF to uninstall. Was this wrong?

#24
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello


You did it correctly; XXX was just an example.

Try downloading Firefox again and install it over the other one.


gringo

#25
tcl322

    Member

  • Topic Starter
  • 24 posts
Ok...but the current version is 16 and that is not yet supported by my work. I went to download 14, which is what I have now from Mozilla, and it takes me to another site: http://www.top10down....com/firefox-14 Would this be a trusted site do you think?

#26
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
It looks fine to me. I went through the process and it was fine.



gringo

#27
tcl322

    Member

  • Topic Starter
  • 24 posts
Yeah! I just used it again and it is actually working now! How did you know?

#28
tcl322

    Member

  • Topic Starter
  • 24 posts
Ok no...I took that wrong. Anyway, the Google box is working now. I don't think I have to reinstall. Ha!

#29
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#30
tcl322

    Member

  • Topic Starter
  • 24 posts
Combo fix log:

ComboFix 12-10-10.02 - Owner 10/10/2012 18:04:25.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1594 [GMT -5:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 23:15 . 2012-10-10 23:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 08:25 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-10-10 08:25 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 08:25 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-10-10 08:25 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-10-10 08:17 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-10-10 08:06 . 2012-10-10 08:06 -------- d-----w- c:\program files\Common Files\Skype
2012-10-09 22:10 . 2012-08-07 21:18 740784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5092A630-2BAE-4909-AD2A-B67C3F0B9089}\gapaengine.dll
2012-10-09 22:09 . 2012-09-19 05:59 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C44A2A5E-85FE-4414-BEEA-2D014B3E2F9D}\mpengine.dll
2012-10-09 22:07 . 2012-10-09 22:07 -------- d-----w- c:\program files\VS Revo Group
2012-10-09 21:56 . 2012-10-09 21:57 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-09 21:55 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-10-09 21:10 . 2012-10-09 21:10 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-10-09 17:49 . 2012-10-09 17:49 -------- d-----w- C:\_OTL
2012-10-09 13:52 . 2012-09-19 05:59 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53767A2C-A6A7-4ADD-88C7-56414A7E8C22}\mpengine.dll
2012-10-09 13:48 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-10-09 13:48 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-10-09 13:48 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-09 13:48 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-09 12:42 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-10-09 12:39 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-10-09 12:35 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-10-09 12:15 . 2012-03-30 12:39 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-09 12:15 . 2012-03-29 13:39 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-09 12:15 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-10-09 12:15 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-10-09 12:15 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-10-09 12:15 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-10-09 12:15 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-10-09 12:15 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-10-09 12:12 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-10-09 12:12 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-10-09 12:12 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-10-09 12:12 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-10-09 12:12 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-10-09 12:06 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-10-09 12:06 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-10-09 12:05 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-10-09 12:05 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-09 12:05 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-09 12:05 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-10-09 12:05 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-10-09 12:05 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-09 10:59 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-10-09 10:59 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-10-09 10:59 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-10-09 10:59 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-10-09 10:58 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-10-09 10:58 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-10-09 10:58 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-10-09 10:58 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-10-09 10:58 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-10-09 00:08 . 2012-10-09 00:08 -------- d-----w- c:\program files\Common Files\Western Digital
2012-10-09 00:04 . 2012-10-09 00:08 -------- d-----w- c:\program files\Western Digital
2012-10-08 23:22 . 2012-10-09 00:06 -------- d-----w- c:\programdata\Western Digital
2012-10-08 23:22 . 2012-10-09 00:07 -------- d-----w- c:\users\Owner\AppData\Local\Western Digital
2012-10-07 22:15 . 2012-10-10 10:49 -------- d-----r- c:\users\Owner\Dropbox
2012-10-07 22:11 . 2012-10-07 22:11 -------- d-----w- c:\program files\Dropbox
2012-10-07 22:02 . 2012-10-10 22:40 -------- d-----w- c:\users\Owner\AppData\Roaming\Dropbox
2012-10-04 22:04 . 2012-10-04 22:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-04 22:04 . 2012-09-07 22:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 11:36 . 2012-10-09 01:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-28 11:36 . 2012-10-04 21:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-27 16:48 . 2012-09-28 11:27 -------- d-----w- c:\programdata\AVAST Software
2012-09-26 15:15 . 2012-09-26 15:15 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2012-09-26 15:15 . 2012-10-04 22:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-26 15:15 . 2012-09-26 15:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-12 18:22 . 2012-09-12 18:22 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-09-12 18:20 . 2012-09-12 18:20 -------- d-----w- c:\programdata\Malwarebytes
2012-09-12 17:30 . 2012-09-12 17:31 -------- d-----w- c:\programdata\HitmanPro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 03:03 . 2012-08-31 03:03 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-31 03:03 . 2012-08-31 03:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-10-09 21:10 . 2012-03-05 11:50 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4219427b-0228-4356-a78b-eb7668d37d07}"= "c:\program files\InboxDollars\Helper.dll" [2012-07-11 360960]
.
[HKEY_CLASSES_ROOT\clsid\{4219427b-0228-4356-a78b-eb7668d37d07}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{8EF4D7EF-810E-4629-A9C9-F92FD201FE1A}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}]
2012-07-11 23:46 1624576 ----a-w- c:\program files\InboxDollars\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"= "c:\program files\InboxDollars\Toolbar.dll" [2012-07-11 1624576]
.
[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"= "c:\program files\InboxDollars\Toolbar.dll" [2012-07-11 1624576]
.
[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-04 4763008]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]
"MobiLink3"="c:\program files\Novatel Wireless\Virgin Mobile\MobiLink3.exe" [2009-08-27 902144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SigmatelSysTrayApp"="sttray.exe" [2007-07-27 405504]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"MediaFace Integration"="c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe" [2003-08-18 53248]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"WD Quick View"="c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe" [2011-12-15 3998616]
"WD Drive Unlocker"="c:\program files\Western Digital\WD Apps\WDDriveAutoUnlock.exe" [2011-12-16 1687968]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-26 26924984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-22 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll,
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-17 17:04]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-17 17:04]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=0808&m=t-6330u
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\t2o521ok.default-1349807635457\
.
.
------- File Associations -------
.
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-10 18:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4572)
c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-10-10 18:17:22
ComboFix-quarantined-files.txt 2012-10-10 23:17
.
Pre-Run: 133,032,820,736 bytes free
Post-Run: 133,030,465,536 bytes free
.
- - End Of File - - 89831E8B315B978B0E03690C11109F28

The computer is running well. I had a different desktop background (trees) and my icons are rearranged from where I had them. FF is working well with no redirects and the Google box is still working.