Jump to content

google redirect, uninstalled stopzilla


Recommended Posts

Hello and thanks for assisting!

Checked Local Area Network (LAN) settings

DNS settings are not changed

Validated Windows HOSTS file

Ran TDSSKiller

Scanned with Malwarebytes and AVG, Combofix crashed at step 25.

Please let me know if you need additional documentation.

--Scott

I don't see my attachments, so I'll post dds.txt here. I hope someone can take a look!

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_22

Run by Scott at 0:38:32 on 2011-10-28

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.119 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

FW: NVIDIA Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\cisvc.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgchsvx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\eFax Messenger 4.3\J2GTray.exe

C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mSearch Page = hxxp://searchbox.digsby.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mSearchAssistant = hxxp://searchbox.digsby.com/ie

mURLSearchHooks: H - No File

BHO: {13002834-9d06-4b4b-af57-6fb55486d708} - c:\documents and settings\scott\local settings\application data\ExplorerWMP.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [EPSON NX110 Series] "c:\windows\system32\spool\drivers\w32x86\3\e_fatifba.exe" /fu "c:\windows\temp\E_S7F.tmp" /EF "HKCU"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"

uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"

uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background

mRun: [x3watch] "c:\program files\x3watch\x3watch.exe"

mRun: [MSPY2002] "c:\windows\system32\ime\pintlgnt\ImScInst.exe" /SYNC

mRun: [WD Drive Manager] "c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe"

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [DellNSCST] "c:\program files\dell\dell laser mfp 1600n\networkscan\DNSCST.exe" /HIDEUI

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly

mExplorerRun: [updateManager] c:\program files\common files\microsoft shared\translat\LicenseManager.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax43~1.lnk - c:\program files\efax messenger 4.3\J2GTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\wlancfg5.exe

uPolicies-explorer: NoActiveDesktopChanges = 30

uPolicies-explorer: NoSetActiveDesktop = 30

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\belkin\bluetooth software\btsendto_ie.htm

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08}

Trusted Zone: lunaii-dollmaker.com\www

Trusted Zone: microsoft.com\download.windowsupdate

Trusted Zone: microsoft.com\update

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145727677593

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} - hxxp://www2.tellmemorecampus.com/bin/tol9inst.cab

DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - hxxp://www.linksysfix.com/netcheck/51/install/gtdownls.cab

DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} - hxxp://web.spaceillusion.com/help/iDanceUpdater1034.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 8.8.8.8 8.8.4.4

TCP: Interfaces\{AE141FB2-37A3-4C5D-9A9B-0CE074BDED4C} : DhcpNameServer = 8.8.8.8 8.8.4.4

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

LSA: Notification Packages = :\WINDOWmspx320e.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-7-19 64512]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-5-4 13496]

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]

R1 ndcprtns;NDC Network Agent;c:\windows\system32\drivers\Ndcprtns.sys [2006-4-20 9328]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-6-20 2152152]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-8-17 366152]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]

R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-6-20 15232]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-8-17 22216]

S2 gupdate1c98ccd827aaa92;Google Update Service (gupdate1c98ccd827aaa92);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]

S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S2 WRConsumerService;Webroot Client Service;"c:\program files\webroot\webrootsecurity\wrconsumerservice.exe" --> c:\program files\webroot\webrootsecurity\WRConsumerService.exe [?]

S3 CW10;Instant Wireless - Network PC\PCI CARD Win2K Driver;c:\windows\system32\drivers\cw10.sys --> c:\windows\system32\drivers\CW10.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2003-3-31 14336]

S3 pmxscan;Visioneer USB Service;c:\windows\system32\drivers\usbscan.sys [2008-12-6 15104]

S3 PRISM;Instant Wireless - Network PC CARD Driver;c:\windows\system32\drivers\prismnds.sys --> c:\windows\system32\drivers\PRISMNDS.sys [?]

S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2006-12-23 31872]

S3 SaiH2541;SaiH2541;c:\windows\system32\drivers\SaiH2541.sys [2004-6-11 56576]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-12-7 11520]

S3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2009-1-1 16896]

S4 Liceoservvna;Liceoservvna; [x]

S4 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-4-21 4048240]

.

=============== Created Last 30 ================

.

2011-10-28 05:21:16 -------- d-----w- c:\program files\rootkit killer

2011-10-28 05:16:09 -------- d-----w- C:\BFU

2011-10-28 05:04:31 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-10-28 05:04:31 -------- d-----w- c:\windows\system32\wbem\Repository

2011-10-28 02:43:19 -------- d-----w- c:\program files\STOPzilla!

2011-10-28 02:43:17 -------- d-----w- c:\program files\common files\iS3

2011-10-28 02:43:16 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!

2011-10-27 00:36:29 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-23 07:20:19 0 ---ha-w- c:\documents and settings\scott\uhlihobdfn.tmp

2011-10-23 05:20:48 -------- d-----w- C:\For Later

2011-10-01 22:13:26 -------- d-----w- C:\AVG10

.

==================== Find3M ====================

.

2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2008-12-29 17:37:27 6320872 -c--a-w- c:\program files\npsibelius.dll

.

============= FINISH: 0:40:06.33 ===============

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall /nombr

See if it will run successfully now. Stop it after half an hour of no activity.

Link to post
Share on other sites

  • 2 weeks later...
  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.