TechSpot

Google Redirect problem x.x

By litterbox
Sep 7, 2011
  1. I've tried to do as much as I can by myself: Combofix, Malwarebytes, registry cleaners, everything. I've finally given up and decided to let the experts handle it. Anytime I try to go to a site it takes me to some page advertising stuff, and I can't get on the actual site. It's ruining my browsing experience :(. Maybe you guys can help me out. Here are the logs you asked for :D

    MBAM Logs

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7666

    Windows 6.0.6000
    Internet Explorer 7.0.6000.17037

    9/7/2011 12:13:07 AM
    mbam-log-2011-09-07 (00-13-07).txt

    Scan type: Quick scan
    Objects scanned: 160781
    Time elapsed: 5 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    DDS Log

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0
    Run by Michael at 0:20:41 on 2011-09-07
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3061.1796 [GMT -4:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [Advanced SystemCare 4] "c:\program files\iobit\advanced systemcare 4\ASCTray.exe"
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\gamers~1.lnk - c:\program files\gamersfirst\live!\Live.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 74.128.19.102 74.128.17.114
    TCP: Interfaces\{D9A09519-FF9F-44F0-A581-A93972DD7F99} : DhcpNameServer = 74.128.19.102 74.128.17.114
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL, avgrsstx.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\07lnbgz2.default\
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-22 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-22 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-22 243152]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-9-5 328536]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-4-21 73728]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
    R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-5 2337144]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-4-21 111616]
    S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-4-1 19456]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-21 30192]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    .
    =============== Created Last 30 ================
    .
    2011-09-07 03:43:40 -------- d-----w- c:\users\michael\appdata\local\temp
    2011-09-07 03:42:58 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-09-07 03:26:21 98816 ----a-w- c:\windows\sed.exe
    2011-09-07 03:26:21 518144 ----a-w- c:\windows\SWREG.exe
    2011-09-07 03:26:21 256000 ----a-w- c:\windows\PEV.exe
    2011-09-07 03:26:21 208896 ----a-w- c:\windows\MBR.exe
    2011-09-07 00:55:05 -------- d-----w- c:\users\michael\appdata\roaming\SUPERAntiSpyware.com
    2011-09-07 00:54:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-09-07 00:54:42 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-09-06 22:54:47 -------- d-----w- c:\program files\CCleaner
    2011-09-06 03:28:59 -------- d-----w- c:\users\michael\appdata\roaming\IObit
    2011-09-06 03:06:00 -------- d-----w- c:\program files\Frontline Registry Cleaner
    2011-09-05 23:18:16 -------- d-----w- c:\users\michael\appdata\roaming\Malwarebytes
    2011-09-05 23:18:07 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-05 23:18:06 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-05 23:18:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-05 23:18:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-01 00:04:05 -------- d-----w- c:\program files\XBCD
    2011-08-22 14:47:02 -------- d-----r- c:\program files\Skype
    2011-08-21 02:09:35 -------- d-----w- c:\windows\system32\x64
    2011-08-21 01:14:43 920088 ----a-w- c:\windows\system32\igxpun.exe
    2011-08-21 01:14:43 319456 ----a-w- c:\windows\system32\difxapi.dll
    2011-08-21 01:14:43 -------- d-----w- c:\windows\system32\Lang
    2011-08-15 11:05:43 -------- d-----w- c:\programdata\Nexon
    2011-08-15 10:58:06 -------- d-----w- c:\programdata\NexonUS
    2011-08-15 10:58:06 -------- d-----w- C:\Nexon
    2011-08-14 13:14:04 -------- d-----w- c:\program files\common files\Steam
    2011-08-14 13:14:01 -------- d-----w- c:\program files\Steam
    .
    ==================== Find3M ====================
    .
    2011-07-21 08:42:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 0:21:46.46 ===============

    Attach Log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 4/21/2008 3:38:51 AM
    System Uptime: 9/6/2011 11:47:51 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0U990C
    Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz | Microprocessor | 1733/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 137 GiB total, 60.091 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 2.264 GiB free.
    E: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    7-Zip 4.65
    9Dragons
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader 8.1.0
    Advanced Audio FX Engine
    Advanced SystemCare 4
    Advanced Video FX Engine
    AmpliTube 3
    Apple Application Support
    Apple Mobile Device Support
    ASIO4ALL
    AVG Free 9.0
    Banctec Service Agreement
    BitTorrent
    Bonjour
    Browser Address Error Redirector
    Build Your Own Net Dream (remove only)
    CCleaner
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    Conexant HDA D330 MDC V.92 Modem
    Dell DataSafe Online
    Dell Getting Started Guide
    Dell Support Center
    Dell Touchpad
    Dell Webcam Center
    Dell Webcam Manager
    Dell Wireless WLAN Card
    Digital Line Detect
    Download Updater (AOL LLC)
    EarthLink Setup Files
    FINAL FANTASY XI: Ultimate Collection - Abyssea Edition
    Flyff
    Free Fire Screensaver
    Frontline Registry Cleaner
    GamersFirst LIVE!
    Google Chrome
    Google Desktop
    Guitar Pro 5.2
    Hero_Online
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    Internet Service Offers Launcher
    Java(TM) SE Runtime Environment 6
    Junk Mail filter update
    Laptop Integrated Webcam Driver (1.04.01.1011)
    LeapFrog Connect
    LeapFrog Tag Plugin
    Live! Cam Avatar Creator
    Live! Cam Avatar v1.0
    Malwarebytes' Anti-Malware version 1.51.1.1800
    McAfee Security Scan Plus
    MediaDirect
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Modem Diagnostic Tool
    MSI to redistribute MS VS2005 CRT libraries
    MSVCRT
    Music, Photos & Videos Launcher
    NetWaiting
    NetZeroInstallers
    Nexon Game Manager
    OutlookAddinSetup
    Pando Media Booster
    Product Documentation Launcher
    QuickSet
    QuickTime
    RocketDock 1.3.5
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    RuneScape
    Skype™ 5.5
    Steam
    SUPERAntiSpyware
    SwiftKit
    System Requirements Lab for Intel
    T7Suite
    TeamViewer 6
    Ultima PsOBB
    Uninstall KkMenu docklet for Stardock Object Dock
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
    User's Guides
    VistaGlazz 2.3
    Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    Windows Installer Clean Up
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/6/2011 9:02:45 PM, Error: EventLog [6008] - The previous system shutdown at 9:01:16 PM on 9/6/2011 was unexpected.
    9/6/2011 7:51:17 PM, Error: EventLog [6008] - The previous system shutdown at 7:40:35 PM on 9/6/2011 was unexpected.
    9/6/2011 7:40:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    9/6/2011 7:40:41 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/6/2011 12:26:15 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
    9/6/2011 11:32:33 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    9/6/2011 11:31:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    9/6/2011 11:26:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr Tcpip tdx Wanarpv6
    9/6/2011 11:24:54 PM, Error: EventLog [6008] - The previous system shutdown at 11:22:45 PM on 9/6/2011 was unexpected.
    9/6/2011 10:02:58 AM, Error: EventLog [6008] - The previous system shutdown at 10:00:55 AM on 9/6/2011 was unexpected.
    9/5/2011 5:56:57 PM, Error: EventLog [6008] - The previous system shutdown at 5:54:53 PM on 9/5/2011 was unexpected.
    9/5/2011 4:51:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
    9/5/2011 4:51:31 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/5/2011 4:51:31 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    9/5/2011 4:51:31 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    9/5/2011 4:51:31 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/5/2011 4:51:31 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/5/2011 4:51:31 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    9/5/2011 4:51:31 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/5/2011 4:51:31 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/5/2011 4:51:31 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    9/5/2011 4:51:31 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/5/2011 4:51:31 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    9/5/2011 4:51:31 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/5/2011 4:51:31 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/5/2011 4:51:31 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/5/2011 4:51:31 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    9/5/2011 4:51:31 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/5/2011 4:51:31 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/5/2011 4:51:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/5/2011 4:51:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/5/2011 4:50:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    9/5/2011 4:50:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    9/5/2011 4:50:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    9/5/2011 4:50:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/5/2011 4:50:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/5/2011 4:50:17 PM, Error: EventLog [6008] - The previous system shutdown at 4:48:27 PM on 9/5/2011 was unexpected.
    9/5/2011 2:53:15 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
    9/5/2011 2:29:44 PM, Error: EventLog [6008] - The previous system shutdown at 2:28:20 PM on 9/5/2011 was unexpected.
    9/5/2011 11:29:29 PM, Error: Service Control Manager [7030] - The Advanced SystemCare Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    9/5/2011 11:03:14 PM, Error: EventLog [6008] - The previous system shutdown at 11:00:42 PM on 9/5/2011 was unexpected.
    9/5/2011 10:50:50 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Michael\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.
    9/3/2011 9:12:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    9/1/2011 12:13:16 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    9/1/2011 12:13:16 AM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service has not been started.
    8/31/2011 2:36:09 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    8/31/2011 2:36:09 AM, Error: Service Control Manager [7000] - The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.
    8/31/2011 2:36:09 AM, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
    .
    ==== End Of File ===========================
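For readers triaging a DDS log like the one above, here is an added example (my own code, not from the original post, TechSpot, or the DDS tool) that parses a few lines of the Pseudo HJT Report section into findings a helper would act on: orphaned BHO/toolbar CLSIDs with no backing file, Run-key autoruns, AppInit_DLLs entries, and the DHCP-assigned resolvers. It assumes the DDS line conventions visible in the post (`uRun`/`mRun` for the HKCU/HKLM Run keys, `BHO:`/`TB:` lines with an optional display name before the CLSID, `TCP:` lines for resolvers) and embeds lines copied from that log as its sample input; the `Finding` record, the category names and the `triage_hjt`/`summarize` functions are my own.

```python
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Constructed input: a handful of lines copied from the "Pseudo HJT Report"
# section of the DDS log in the post above (not the whole section).
SAMPLE_HJT = [
    r"uInternet Settings,ProxyOverride = *.local",
    r"BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File",
    r"BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll",
    r"TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File",
    r"uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe",
    r"mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe",
    r"TCP: DhcpNameServer = 74.128.19.102 74.128.17.114",
    r"TCP: Interfaces\{D9A09519-FF9F-44F0-A581-A93972DD7F99} : DhcpNameServer = 74.128.19.102 74.128.17.114",
    r"AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL, avgrsstx.dll",
]


@dataclass(frozen=True)
class Finding:
    category: str  # "orphan", "extension", "autorun", "appinit" or "dns" (my own labels)
    detail: str
    action: str    # "info" (inventory only) or "review" (worth a second look)


# Assumed DDS conventions: "BHO:"/"TB:" lines carry an optional display name,
# a CLSID in braces and either a path or the literal "No File"; "uRun"/"mRun"
# are the per-user (HKCU) and per-machine (HKLM) Run keys; "TCP:" lines list
# the resolvers globally and per interface.
_BHO_RE = re.compile(r"^(?P<kind>BHO|TB): (?:(?P<name>.+?): )?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
_RUN_RE = re.compile(r"^(?P<scope>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
_DNS_RE = re.compile(r"^TCP: (?:Interfaces\\\{[^}]+\} : )?DhcpNameServer = (?P<servers>.+)$")
_APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<dlls>.+)$")


def triage_hjt(lines):
    """Turn Pseudo HJT Report lines into Finding records; line types not handled here are skipped."""
    findings = []
    dns_seen = set()
    for raw in lines:
        line = raw.strip()
        m = _BHO_RE.match(line)
        if m:
            if m["path"].strip() == "No File":
                # A CLSID with no file behind it is a leftover registration, not a live component.
                findings.append(Finding("orphan", f"{m['kind']} {{{m['clsid']}}} points at a missing file", "info"))
            else:
                findings.append(Finding("extension", f"{m['kind']} {m['name']}: {m['path']}", "info"))
            continue
        m = _RUN_RE.match(line)
        if m:
            hive = "HKCU" if m["scope"] == "u" else "HKLM"
            findings.append(Finding("autorun", f"{hive}\\...\\Run [{m['name']}] {m['cmd']}", "info"))
            continue
        m = _APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs is loaded into every process that links user32.dll,
            # so each entry deserves a look even when it belongs to a known vendor.
            for dll in (d.strip() for d in m["dlls"].split(",")):
                findings.append(Finding("appinit", dll, "review"))
            continue
        m = _DNS_RE.match(line)
        if m:
            for server in m["servers"].split():
                if server in dns_seen:
                    continue
                dns_seen.add(server)
                try:
                    scope = "private" if ipaddress.ip_address(server).is_private else "public"
                except ValueError:
                    scope = "unparseable"
                # Resolvers are the first thing to verify on a redirect complaint:
                # compare them with what the router or ISP is expected to hand out.
                findings.append(Finding("dns", f"{server} ({scope})", "review"))
    return findings


def summarize(findings):
    """Count findings per category so the shape of a log is visible at a glance."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    results = triage_hjt(SAMPLE_HJT)
    for f in results:
        print(f"[{f.action:6}] {f.category:9} {f.detail}")
    print(summarize(results))
```

Running it prints one line per finding and a per-category count. The `review` action on the resolver and AppInit_DLLs entries only means "compare against what you expect"; on the sample lines both resolvers classify as public addresses, which is what an ISP-assigned pair would look like, so the next step is confirming they belong to the ISP rather than treating them as a verdict.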
     
  2. litterbox

    litterbox TS Rookie Topic Starter

    Also keep getting this pop-up from AVG. I'll type it out, idk what to do anymore T_T

    AVG Alert

    Accessed file is infected

    Threat was blocked!

    File name : zqqhfowhserve.info/main/php?page=5b99de2a37620ee2

    Threat name : Exploit Blackhole Exploit Kit (type 1889)

    Process name : C:/Windows/system32/svchost.exe
    Process ID : 1868
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I'll help with the malware, but the first step is to remove all those random programs yourself to try and fix the system.
    =============================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    1. There are stickies on every malware forum instructing users not to use Combofix unless directed to run it by a helper.
    2. We don't recommend that anyone use a registry cleaner. Please uninstall Frontline Registry Cleaner
    3. Java is way out of date> Please update now to v6u27: Java Updates. Stay current, as most updates are for security. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    4. Please uninstall or disable BitTorrent. File sharing is a straight road to malware.
    =========================================
    I'd like you to run Combofix. You will have to temporarily uninstall AVG to run it. Normally we have the user install a temporary antivirus, but I see McAfee Security on your system also: If McAfee is current, do not add either of the Recommended AV programs.
    -------------------------------
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated and it will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ==========================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

    Please leave logs in next reply.
     
  4. litterbox

    litterbox TS Rookie Topic Starter

    I went ahead and got rid of all the antivirus and spyware I had and only used Combofix like you told me to do. I also uninstalled everything you told me. The online scanner didn't find anything, so I don't have logs.


    ComboFix 11-09-07.04 - Michael 09/07/2011 23:14:10.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3061.2067 [GMT -4:00]
    Running from: c:\users\Michael\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-08 03:21 . 2011-09-08 03:21 -------- d-----w- c:\users\Michael\AppData\Local\temp
    2011-09-08 03:21 . 2011-09-08 03:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-09-08 03:02 . 2011-09-08 03:02 -------- d-----w- c:\program files\Common Files\Java
    2011-09-06 03:28 . 2011-09-06 03:29 -------- d-----w- c:\users\Michael\AppData\Roaming\IObit
    2011-09-05 23:18 . 2011-09-05 23:18 -------- d-----w- c:\users\Michael\AppData\Roaming\Malwarebytes
    2011-09-05 23:18 . 2011-09-05 23:18 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-05 23:18 . 2011-09-08 03:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-01 00:04 . 2011-09-01 00:04 -------- d-----w- c:\program files\XBCD
    2011-08-22 14:47 . 2011-09-05 22:08 -------- d-----r- c:\program files\Skype
    2011-08-21 02:09 . 2011-08-21 02:09 -------- d-----w- c:\windows\system32\x64
    2011-08-21 01:14 . 2011-08-21 01:14 -------- d-----w- c:\windows\system32\Lang
    2011-08-21 01:14 . 2008-11-05 18:08 920088 ----a-w- c:\windows\system32\igxpun.exe
    2011-08-21 01:14 . 2006-11-10 12:25 319456 ----a-w- c:\windows\system32\difxapi.dll
    2011-08-15 11:05 . 2011-08-15 11:05 -------- d-----w- c:\programdata\Nexon
    2011-08-15 10:58 . 2011-08-19 23:55 -------- d-----w- C:\Nexon
    2011-08-14 13:14 . 2011-09-06 23:52 -------- d-----w- c:\program files\Common Files\Steam
    2011-08-14 13:14 . 2011-09-08 03:09 -------- d-----w- c:\program files\Steam
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-08 03:01 . 2010-06-09 18:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-21 08:42 . 2011-07-21 08:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-20 12:57 . 2011-07-15 20:32 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C709486-8B5B-4DE0-9360-AF240ED6F1B5}\mpengine.dll
    2011-08-19 20:05 . 2011-05-03 20:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2011-04-10 . 1C5867DB6860D752C06119E7796C44F2 . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
    [7] 2008-01-19 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:\windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll
    [7] 2006-11-02 . B264DFA21677728613267FE63802B332 . 245248 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16386_none_caf99b2e2002860e\shsvcs.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-16 3077528]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
    "Steam"="c:\program files\Steam\Steam.exe" [2011-08-14 1242448]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
    "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-05 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-05 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-05 154136]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-21 50688]
    GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2011-6-30 2588784]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2007-05-11 08:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 11:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-03-17 00:35 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
    R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2008-04-01 19456]
    R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-03-17 30192]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-01-19 4225592]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2973831708-3262724253-3251001275-1000Core.job
    - c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05 22:58]
    .
    2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2973831708-3262724253-3251001275-1000UA.job
    - c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-05 22:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 74.128.19.102 74.128.17.114
    FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\07lnbgz2.default\
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
    Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-07 23:21
    Windows 6.0.6000 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-09-07 23:24:12
    ComboFix-quarantined-files.txt 2011-09-08 03:24
    ComboFix2.txt 2011-09-07 03:43
    .
    Pre-Run: 65,808,224,256 bytes free
    Post-Run: 65,458,372,608 bytes free
    .
    - - End Of File - - 338576DF996AEA388A99B82B105D288C
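An added illustration, not from this thread or from ComboFix itself: a small Python parser for two sections of the ComboFix log posted above, the Sigcheck rows and the "Reg Loading Points" autostart values, with a triage pass over them. The sample text is constructed from lines in that log; treating any Sigcheck marker other than [7] as "did not verify" is an assumption of the example, not something the log states.

```python
import re
from typing import List

# Constructed sample: lines copied from the ComboFix log posted above, in the layout
# ComboFix uses (one Sigcheck row per copy of a file, then REGEDIT4-style keys/values).
SAMPLE_LOG = r"""
[-] 2011-04-10 . 1C5867DB6860D752C06119E7796C44F2 . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[7] 2006-11-02 . B264DFA21677728613267FE63802B332 . 245248 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16386_none_caf99b2e2002860e\shsvcs.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-14 1242448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
"""

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")                 # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rest>.*)$')  # "Name"=<path> [date size]
PATH_RE = re.compile(r'^"?(?P<path>.*?)"?(?: \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\])?$')
SIG_RE = re.compile(r"^\[(?P<mark>[^\]]+)\] (?P<date>\S+) \. (?P<md5>[0-9A-F]{32}) \. "
                    r"(?P<size>\d+) .*? (?P<path>[A-Za-z]:\\\S+)$")

def parse_autostarts(log: str) -> List[dict]:
    """Every "Name"=path value under the registry keys ComboFix lists; date/size are
    the values ComboFix appended in brackets, or None where it recorded none."""
    entries, key = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            entry = PATH_RE.match(m.group("rest")).groupdict()
            entry.update(key=key, name=m.group("name"))
            entries.append(entry)
    return entries

def parse_sigcheck(log: str) -> List[dict]:
    """Sigcheck rows: marker, date, MD5, size and path of each copy of the file."""
    return [m.groupdict() for raw in log.splitlines() if (m := SIG_RE.match(raw.strip()))]

def triage(log: str) -> List[str]:
    """Pick out AppInit_DLLs entries (that DLL is loaded into every process that loads
    user32.dll) and Sigcheck rows not marked [7], assumed here to mean the file did not
    verify; the log's own note says an unsigned file is not proof of malware."""
    findings = []
    for a in parse_autostarts(log):
        if a["name"].lower() == "appinit_dlls":
            findings.append(f"AppInit_DLLs loads {a['path']} into every process using user32.dll")
    for s in parse_sigcheck(log):
        if s["mark"] != "7":
            findings.append(f"Sigcheck [{s['mark']}] {s['path']} md5={s['md5']}")
    return findings
```

Calling triage(SAMPLE_LOG) on the sample returns two findings: the GoogleDesktopNetwork3.dll AppInit entry and the [-] copy of shsvcs.dll, which is exactly the subset of the log a helper would read first.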
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Let's clarify this:
    1. You have AVG on the system and Combofix won't run with it. I told you to remove AVG for now
    2. Since you also had McAfee Security Scan Plus on the system, if it's functional you would not have needed to install a temporary AV.
    3. I did not instruct you to remove any of the following:
    ===========================================
    Do you have an updated and current antivirus on the system?

    Are you still being redirected?
    ==========================================
    Please run the following: Download Security Check by screen317 from one of these links:
    Link1
    Link 2
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    ====================================
    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
      in your next reply.
    ===================================
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
     