Help! Google redirecting to other s/engines ...
Comments
-
If you can leave it - let it install, the files sections, disconnect from the internet and let it run.
-
Will do, thanks so much for all your help so far ... much appreciated :j
Wins since 2009 = £17,600 MANY THANKS TO ALL OPS
-
It's just finished. Two worms found :-
Win32/Bagle.gen.zip worm
A Variant of Win32/Adaware.ADON application
Tried to save these to a text file without success, so did it manually.
Hope that's OK.
Wins since 2009 = £17,600 MANY THANKS TO ALL OPS
-
Hi,
Where do I find the old versions/versions to delete ... can't find anywhere!
Mimi
Wins since 2009 = £17,600 MANY THANKS TO ALL OPS
-
If it is not on your desktop then download the above to your desktop and run it.
-
Sorry about the delay ... just trying to print off all the instructions re. anti-virus, etc. from bleeping comps. and the rest in case I run into problems and bloomin' site's down for maintenance at the moment :mad:
Should I just start anyway do you think? If so, what should I disable ... anti-virus and anything else?
EDIT : Forget that, just got in! Will now print
Wins since 2009 = £17,600 MANY THANKS TO ALL OPS
-
OK, all done successfully (I think/hope!), though the problem's still annoyingly there, as I've just input something in google and immediately got redirected again ...
It took some time as I went for your first link and there was a "newer version" which I opted for, so it started again.
Just turned AVG and firewall, etc. back on by the way.
ComboFix log as follows :-
ComboFix 10-02-08.09 - Main 09/02/2010 10:37:36.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.183 [GMT 0:00]
Running from: c:\documents and settings\Main\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Main\Application Data\Desktopicon
c:\program files\Internet Explorer\SET11E.tmp
c:\program files\Internet Explorer\SET11F.tmp
c:\program files\Internet Explorer\SET120.tmp
.
((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 )))))))))))))))))))))))))))))))
.
2010-02-08 22:27 . 2010-02-08 22:27 -------- d-----w- c:\program files\ESET
2010-02-07 16:48 . 2010-02-07 16:48 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-03 09:22 . 2010-02-07 16:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-22 09:58 . 2010-01-22 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spamihilator
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 22:53 . 2009-01-16 01:13 -------- d-----w- c:\program files\Unlocker
2010-02-08 22:13 . 2009-01-17 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-08 18:26 . 2009-01-18 09:31 -------- d-----w- c:\documents and settings\Main\Application Data\Spamihilator
2010-02-08 10:55 . 2009-06-20 08:59 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-02-08 10:55 . 2009-05-31 10:16 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-02-08 10:55 . 2009-06-20 08:59 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-02-08 10:55 . 2009-10-19 09:54 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-02-08 10:55 . 2009-06-20 08:59 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-02-08 10:55 . 2009-06-20 08:59 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-08 10:55 . 2009-05-31 10:16 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-02-08 10:55 . 2009-06-20 08:59 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-02-08 10:55 . 2009-05-31 10:16 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-02-08 10:55 . 2009-05-31 10:16 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-02-08 10:55 . 2009-06-20 08:59 816784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-07 22:55 . 2009-06-20 08:59 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-07 22:55 . 2009-09-21 12:27 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-07 22:55 . 2009-06-20 08:59 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-07 22:55 . 2009-06-20 08:59 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-07 22:55 . 2009-06-20 08:59 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-07 22:55 . 2009-06-20 08:59 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-07 21:15 . 2008-12-17 22:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-07 16:47 . 2009-10-01 17:51 -------- d-----w- c:\program files\Spamihilator
2010-02-07 16:46 . 2009-01-12 09:22 -------- d-----w- c:\program files\QuickTime
2010-02-07 16:45 . 2009-02-15 01:00 -------- d-----w- c:\program files\VS Revo Group
2010-01-31 07:58 . 2009-11-10 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-15 08:16 . 2008-10-22 11:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-15 08:16 . 2008-10-23 21:49 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-10 22:30 . 2006-11-28 09:12 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-10 22:30 . 2006-11-28 09:12 168 --sh--r- c:\windows\system32\51D6C5998E.sys
2010-01-07 16:07 . 2008-10-22 11:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2008-10-22 11:41 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 19:14 . 2004-08-10 12:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 10:56 . 2009-06-20 08:59 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-11-21 15:51 . 2004-08-10 12:50 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-15 12:41 . 2006-11-27 20:42 80032 -c--a-w- c:\documents and settings\Main\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-16 389120]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-10-28 160592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-02-07 788880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2008-12-23 1321984]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Main\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-1-30 155648]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-10 10:28 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Spamihilator\\cdcc.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\Spamihilator\\spamihilator.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [25/01/2009 13:27 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [04/09/2009 15:37 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [04/09/2009 15:37 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/11/2009 10:27 285392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 11:17 1181328]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [03/03/2009 20:27 266240]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [15/12/2006 18:14 40788]
.
Contents of the 'Scheduled Tasks' folder
2010-02-09 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:55]
2010-02-09 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:55]
2010-02-09 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:55]
2010-02-09 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:55]
2010-02-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:55]
2010-02-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-10-17 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-17 09:42]
2009-10-17 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-01-17 09:42]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.co.uk/
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Search with Wanadoo
Trusted Zone: tesco.com
TCP: {C080D6CE-FAC4-47F8-9754-C967B601A6AC} = 212.69.36.3 212.69.40.3
DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56}
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 10:46
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys iastor.sys >>UNKNOWN [0x824488C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf84b9f28
\Driver\ACPI -> ACPI.sys @ 0xf834ccb8
\Driver\iaStor -> iastor.sys @ 0xf8297146
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) 82562V 10/100 Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf815bbb0
PacketIndicateHandler -> NDIS.sys @ 0xf814aa0d
SendHandler -> NDIS.sys @ 0xf815eb40
user & kernel MBR OK
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-3252029809-1719323919-977877309-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2010-02-09 10:51:49
ComboFix-quarantined-files.txt 2010-02-09 10:51
Pre-Run: 39,291,351,040 bytes free
Post-Run: 39,367,933,952 bytes free
- - End Of File - - 1E85616F40B9E66DBD59319C33A5746B
I await your comments.
Cheers,
Mimi
Wins since 2009 = £17,600 MANY THANKS TO ALL OPS
-
http://www.greatis.com/unhackme/
This will remove the bagle virus. There's a Bagle virus removal video link there too that shows how easy it is with Unhackme.
more dollar$ than sense
-
http://www.greatis.com/unhackme/
This will remove the bagle virus. There's a Bagle virus removal video link there too that shows how easy it is with Unhackme.
Thanks, but I think this has already been removed by a program I ran recommended by Reluctant_spender.
x
Wins since 2009 = £17,600 MANY THANKS TO ALL OPS
This discussion has been closed.
