| ||
| Re: go.google redirect issue Try downloading a new copy of the driver. Save it to the desktop, don't install it yet. Then go into the Device Manager and Uninstall the card. Reboot the computer, it should find the card and then when it tries to install the driver have it install that new copy you downloaded. |
| ||
| Re: go.google redirect issue Tried that, but it made no difference |
| ||
| Re: go.google redirect issue

Ok Dragewood, I have read through this entire thread from top to bottom tonight and see several things I either failed to notice or ignored.

First thing is the error and blue screen and stop error you reported in your second post. This can be related to a hardware issue or some new software installed.

You stated you couldn't run ESET Scanner so you installed Chrome and tried to run it that way. ESET Instructions are VERY Explicit, you must use Internet Explorer to run it. This is why it wouldn't run. I only warned you about installing new software during an attempted clean up, I should have told you to uninstall Chrome.

You ran MBA-M again and essentially found the same bad items, telling me NOW that I have finally read and re-read this thread that the "core" of this infection is not getting removed. I apologize for not being more attentive to this.

I think, if you can do it, that you should try to do the following:

Download ComboFix

Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.

Once the download is complete you will see the ComboFix icon on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Double-click the ComboFix icon on the desktop to run the program.

Windows will issue a prompt asking whether you wish to run the program, click Run.

You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run.

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report. This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the program's log file, or report, will be located at C:\ComboFix.txt.

When all is complete then please post back here with that log.

Now I have to also tell you I am going to be away again for a week or so. I will be checking back as often as I can but won't have as much computer access time as I do now. I know Crunchie is keeping an eye on this as well so if he gives an instruction to you please follow it. He knows what he is doing.

Judy |
| ||
| Re: go.google redirect issue

Whoa, I think running ComboFix may have fixed the go.google redirect issue. Websites appear to be behaving normally in Internet Explorer again (for now, anyways).

Here's what happened since the last post: First I uninstalled Chrome, then I ran ComboFix. First a ComboFix message box appeared that asked me if I wanted to install Windows Recovery Console. I said no. And another ComboFix message box appeared saying my computer needed to be rebooted due to the presence of rootkit. I said OK, and my computer was restarted. Then ComboFix automatically ran.

Here's the ComboFix log:

ComboFix 08-10-24.02 - Matt 2008-10-25 16:44:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.665 [GMT -5:00]
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\INSTALL.LOG
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\drivers\tdssserv.sys
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\TDSSerrors.log
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssservers.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv
-------\Legacy_TDSSserv

((((((((((((((((((((((((( Files Created from 2008-09-25 to 2008-10-25 )))))))))))))))))))))))))))))))
.

2008-10-25 16:44 . 2008-10-25 16:44 <DIR> d-------- C:\quarantine
2008-10-23 18:24 . 2005-06-21 16:43 163,840 --a------ C:\WINDOWS\SYSTEM32\igfxres.dll
2008-10-23 16:34 . 2008-10-15 11:34 337,408 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-20 19:07 . 2008-10-20 19:07 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-20 19:07 . 2008-10-20 19:07 <DIR> d-------- C:\Documents and Settings\Matt\Application Data\SUPERAntiSpyware.com
2008-10-20 19:07 . 2008-10-20 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-20 19:06 . 2008-10-20 19:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-15 19:49 . 2008-10-15 19:49 <DIR> d-------- C:\WINDOWS\Sun
2008-10-15 19:45 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-10-15 19:44 . 2008-10-15 19:45 <DIR> d-------- C:\Program Files\Java
2008-10-15 19:44 . 2008-10-15 19:44 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-15 03:04 . 2008-08-14 05:11 2,189,184 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-10-15 03:04 . 2008-08-14 05:09 2,145,280 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-10-15 03:04 . 2008-08-14 04:33 2,066,048 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-10-15 03:04 . 2008-08-14 04:33 2,023,936 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-10-14 23:50 . 2008-09-15 07:12 1,846,400 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-10-14 23:50 . 2008-09-08 05:41 333,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
2008-10-14 18:32 . 2008-10-14 18:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-14 18:32 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-10-14 18:32 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-10-06 20:43 . 2008-10-12 12:37 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-10-06 18:43 . 2008-10-06 18:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-29 22:00 . 2008-09-29 22:00 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2008-09-29 19:39 . 2008-09-29 19:39 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 00:20 90,112 ----a-w C:\WINDOWS\DUMP36b0.tmp
2008-10-11 16:47 90,112 ----a-w C:\WINDOWS\DUMP2904.tmp
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-09-10 00:07 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-04 00:49 --------- d-----w C:\Program Files\Apple Software Update
2008-09-03 00:00 --------- d-----w C:\Program Files\sk2l
2008-08-20 05:30 666,112 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2008-08-20 05:30 666,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2008-08-20 05:30 619,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2008-08-20 05:30 3,067,904 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-08-20 05:30 1,499,136 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2004-11-02 03:35 17,920 ----a-w C:\Documents and Settings\Matt\Application Data\GDIPFONTCACHEV1.DAT
2004-10-01 20:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 126976]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2003-09-29 81990]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 135251]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 479232]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"SENTINEL"= snti386.dll
"midi1"= xgusb.cpl

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=C:\WINDOWS\pss\Audible Download Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2007-01-24 23:16 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2005-08-05 15:08 67160 C:\PROGRA~1\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2004-07-19 06:51 306688 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
--a------ 2002-04-03 01:01 135264 C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-10-11 11:52 133104 C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-04-08 11:45 212992 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-05-07 00:56 188416 C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
-ra------ 2003-05-22 07:55 483328 C:\WINDOWS\SYSTEM32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes7\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2005-09-22 18:29 303104 c:\PROGRA~1\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2006-01-11 12:05 212992 C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]
--a------ 2003-04-29 09:40 524288 C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-09-03 14:07 1576176 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McDetect.exe"=2 (0x2)
"McAfeeFramework"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"C:\\Program Files\\iTunes7\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S3 pnicII;Linksys Fast Ethernet PCI Card;C:\WINDOWS\system32\DRIVERS\lne100.SYS [2001-08-17 20573]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee0d4a08-ee2b-11dc-95c3-000bdbbcfba0}]
\Shell\Auto\command - boot.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.pif

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-25 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-11 11:52]

2008-10-22 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7200#CN35S1C1X2E0.job
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe [2003-04-08 11:45]

2008-10-25 C:\WINDOWS\Tasks\HP Usg Daily.job
- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-UnlockerAssistant - C:\Program Files\Unlocker\UnlockerAssistant.exe
MSConfigStartUp-CamMonitor - C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
MSConfigStartUp-HP Software Update - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
MSConfigStartUp-HPHUPD05 - C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
MSConfigStartUp-MMTray - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
MSConfigStartUp-Share-to-Web Namespace Daemon - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
MSConfigStartUp-TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-ViewMgr - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
MSConfigStartUp-VirusScan Online - c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
MSConfigStartUp-WinampAgent - C:\Program Files\Winamp3\winampa.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\u32z700a.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.umasslinks.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 16:51:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\TDSSserv]
"imagepath"="\systemroot\system32\drivers\TDSSserv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\tdssserv.sys)]
.
Completion time: 2008-10-25 17:01:37
ComboFix-quarantined-files.txt 2008-10-25 22:01:33

Pre-Run: 13,798,907,904 bytes free
Post-Run: 15,381,061,632 bytes free

211 --- E O F --- 2008-10-24 08:01:05 |
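The Python below is an added example, not part of the original thread and not ComboFix's own code. It reads the sections of the ComboFix log posted above, pairs the removed services with the removed driver file they loaded, and lists the firewall and Security Center values the log reports so they can be reviewed after cleanup. The function names and the watchlist of registry values are assumptions of this example, and the embedded log is an excerpt with its banner lines shortened.

```python
import re

# Excerpt of the ComboFix log posted above, one record per line
# (section banners shortened; which lines to include is this example's choice).
LOG = r"""
((((((((( Other Deletions )))))))))
.
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\drivers\tdssserv.sys
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\TDSSerrors.log
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssservers.dat
.
((((((((( Drivers/Services )))))))))
.
-------\Service_TDSSserv
-------\Legacy_TDSSserv
((((((((( Reg Loading Points )))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

HEADER = re.compile(r"^\(+\s*(.+?)\s*\)+$")    # ((( Section title )))
KEY = re.compile(r"^\[(.+?)\]$")               # [registry key]
VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "name"=value
# Assumed watchlist: values that switch off Windows Firewall or Security Center
# antivirus alerts. A user or another product may set them, so they are
# reported for review rather than treated as proof of infection.
WATCH = {("security center", "antivirusdisablenotify"): 1,
         ("security center", "antivirusoverride"): 1,
         ("firewallpolicy\\standardprofile", "enablefirewall"): 0}

def parse_sections(text):
    """Map each banner title to the non-empty lines that follow it."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line and line != ".":
            current.append(line)
    return sections

def service_driver_pairs(files, services):
    """Pair each removed service with a removed <name>.sys driver file."""
    by_name = {f.rsplit("\\", 1)[-1].lower(): f for f in files}
    pairs = {}
    for svc in services:
        base = re.sub(r"^(Service|Legacy)_", "", svc)
        if base.lower() + ".sys" in by_name:
            pairs[base] = by_name[base.lower() + ".sys"]
    return pairs

def to_int(raw):
    """Read 'dword:00000001' or '0 (0x0)' style values as an integer."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"-?\d+", raw)
    return int(m.group()) if m else None

def settings_to_review(lines):
    """Return (value name, value) for watchlisted settings found in the log."""
    hits, key = [], ""
    for line in lines:
        k, v = KEY.match(line), VALUE.match(line)
        if k:
            key = k.group(1).lower()
        elif v:
            for (suffix, name), flagged in WATCH.items():
                if (key.endswith(suffix) and name == v.group(1).lower()
                        and to_int(v.group(2)) == flagged):
                    hits.append((v.group(1), flagged))
    return hits

def triage(text):
    s = parse_sections(text)
    files = s.get("Other Deletions", [])
    services = [x.split("\\", 1)[1] for x in s.get("Drivers/Services", []) if "\\" in x]
    return {"files": files, "services": services,
            "driver_pairs": service_driver_pairs(files, services),
            "review": settings_to_review(s.get("Reg Loading Points", []))}

if __name__ == "__main__":
    for name, value in triage(LOG).items():
        print(name, value)
```
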
| ||
| Re: go.google redirect issue Good news :). Please post a new hijackthis log and we will see if there is anything left over. |
| ||
| Re: go.google redirect issue

Here's the HJT log, how does it look?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:50 AM, on 10/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Matt\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_06) -
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://abyss.ecs.umass.edu:8080/activex/AMC.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - c:\altera\61\quartus\bin\jtagserver.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 5013 bytes |
| ||
| Re: go.google redirect issue

Congratulations! Your log looks clean.

===============

Now that your PC is clean you need to follow these easy steps to keeping it this way:

Download CCleaner and install, then run it. It will clear out your temp folders.

====

An alternative to CCleaner is ATF Cleaner.

Download ATF (Atribune Temp File) Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*

Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

====

Use an alternative browser! Download Firefox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera, which in my opinion, is better still.

====

Use a firewall. It is an essential part of your computer's security. There is a link to a good, free firewall in my signature.

====

Install and keep updated, Spybot S&D. Run it on a regular basis, following the maker's recommendations.

====

Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often.

====

Check for Windows Updates. Microsoft regularly posts updates for your system's safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.

=====

For XP users. After something like this it is a good idea to Flush the Restore Points and start fresh.

To flush the XP system Restore Points:
Go to Start | Run and type msconfig and press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.
Check the box labelled 'Turn off System restore'.
Reboot.
Go back in and Turn System Restore Back on.
A new Restore Point will be created.
Note that all previous restore points will be lost.

===============

Please mark this thread as solved if all is well. If you have any more problems, post back.

- Happy surfing, crunchie. |
| ||
| Re: go.google redirect issue Quick check in from my daughter's home. Looks good to me also. You need to update your java. Current version is now version 6 update 10. This poster does have antivirus installed but those who don't must have ONE on the computer. Judy |
| ||
| Re: go.google redirect issue

Thank you for all the help in solving this problem, Judy and crunchie. Your expertise and patience have been very much appreciated. I will make sure to run Spybot often to prevent this from happening again.

I have a question though. It seems like ComboFix really did the trick for my problem. So if I were to get this problem or any other malware/spyware again, would you recommend firing up ComboFix first thing again? Or is this a last resort type of scan for some reason?

Thanks, Matt |
| ||
| Re: go.google redirect issue

Quote:

In fact you should actually now remove it from the computer and the removal will also take all the backups with it, which of course you don't need because those are the baddies removed.

To remove it do the following:

To uninstall ComboFix.exe And all Backups of files that it deleted

Click START then RUN

type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

When shown the disclaimer, Select "2"

You should KEEP MBA-M and run it regularly, UPDATING FIRST. Have it remove whatever it finds. Continue to use Spybot also as you have indicated you would.

I would also recommend that you download, install, update and enable a great program called SpywareBlaster. I wouldn't run my computer without it. It protects against trojans, hijackers, dialers and it DOES NOT run in the background.

Judy |
©2003 - 2009 DaniWeb® LLC