Google redirect - help please!

Comments

  • Dormouse
    Dormouse Posts: 5,617 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    edited 22 June 2010 at 9:43PM
    Thanks Rik. Will do this in the morning (have had a drink now and do not trust myself with the computer, LOL!). Will let you know how I get on.

    Really appreciate the help. :)

    ETA: just tried Google in FF and it works fine, but as I've mentioned before, it's been very on and off anyway...
  • The_Grandmaster
    The_Grandmaster Posts: 1,424 Forumite
    Part of the Furniture Combo Breaker
    Thank you for stating the next steps, aliEnRIK!
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    TICK and FIX these in hijack ~
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
    O4 - HKCU\..\Run: [xlir] rundll32 "C:\Users\home\AppData\Roaming\irprops2.dll",Fmnfa j
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll (ALL THESE)
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL BgGamingMonitor.dll


    There's Trojan activity in the log
    Turn off Spybot's 'TEA TIMER' mode ~
    Open Spybot
    Change Mode (Top) to ADVANCED
    Select TOOLS then RESIDENT
    UNTICK 'Resident TEA TIMER' (Leave 'SD Helper' TICKED)

    THEN run combofix (Tea timer might prevent it from working properly)
    :idea:
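The reasoning behind which lines get ticked above, written out as an added example that is not part of this thread: a small Python triage script that scans HijackThis-style 'O' lines and ComboFix file-list lines (constructed copies of entries from this thread) and grades them with the same heuristics, a BHO whose DLL is missing, rundll32 loading a DLL from AppData, an unknown Winsock LSP, AppInit_DLLs being set, and a hidden+system file sitting in a user-writable directory. The severity labels and the USER_WRITABLE pattern are my own assumptions, not anything HijackThis or ComboFix outputs.

```python
import re

# Constructed sample lines, copied from the HijackThis and ComboFix excerpts in this thread.
HJT_LINES = [
    "O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)",
    "O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9}"
    " - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll (file missing)",
    'O4 - HKCU\\..\\Run: [xlir] rundll32 "C:\\Users\\home\\AppData\\Roaming\\irprops2.dll",Fmnfa j',
    "O4 - HKLM\\..\\Run: [Windows Defender] C:\\Program Files\\Windows Defender\\MSASCui.exe -hide",
    "O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\bglsp.dll",
    "O20 - AppInit_DLLs: C:\\PROGRA~1\\Google\\GOOGLE~3\\GOEC62~1.DLL BgGamingMonitor.dll",
]
CF_LINES = [
    "2010-05-01 08:56 . 2010-05-01 08:56 84992 --sha-r- c:\\users\\home\\AppData\\Roaming\\irprops2.dll",
    "2010-06-15 19:39 . 2010-04-29 14:39 20952 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys",
    "2007-08-16 22:01 . 2007-08-16 22:01 8192 --sha-w- c:\\windows\\Users\\Default\\NTUSER.DAT",
]

# Assumption: anything under a profile's AppData or a temp directory is writable without
# admin rights, so an autorun entry that loads code from there deserves a close look.
USER_WRITABLE = re.compile(r"\\(appdata|temp)\\", re.I)

# ComboFix file-list line: mtime . ctime  size(or dashes)  8-char attribute flags  path
CF_RE = re.compile(
    r"^(?P<mtime>\S+ \S+) \. (?P<ctime>\S+ \S+)\s+(?P<size>\d+|-+)\s+"
    r"(?P<attr>[-dsharw]{8})\s+(?P<path>.+)$"
)


def triage_hjt(line):
    """Grade one HijackThis 'O' line; returns (severity, reason) or None."""
    kind = line.split(" - ", 1)[0]
    if kind == "O2" and ("(no file)" in line or "(file missing)" in line):
        return ("low", "BHO registered but its DLL is gone: orphaned entry, safe to tick and fix")
    if kind == "O4":
        m = re.search(r"\[([^\]]+)\]\s+(.*)$", line)
        if m and re.match(r"rundll32\b", m.group(2), re.I) and USER_WRITABLE.search(m.group(2)):
            return ("high", f"Run value '{m.group(1)}' uses rundll32 to load a DLL from a user profile path")
    if kind == "O10":
        return ("high", "unknown Winsock LSP: loads into every socket-using process; repair with LSPFix, do not just delete the file")
    if kind == "O20":
        return ("medium", "AppInit_DLLs is set: these DLLs load into every process that uses user32.dll; confirm each publisher")
    return None


def triage_combofix(line):
    """Grade one ComboFix file-list line on its attribute flags; returns (severity, reason) or None."""
    m = CF_RE.match(line)
    if not m:
        return None
    attr, path = m.group("attr"), m.group("path")
    hidden_system = "s" in attr and "h" in attr
    if hidden_system and USER_WRITABLE.search(path):
        return ("high", f"hidden+system file ({attr}) in a user-writable directory: {path}")
    if hidden_system:
        return ("low", f"hidden+system file ({attr}) outside the user profile, normally OS-owned: {path}")
    return None


def triage(hjt_lines, cf_lines):
    """Run both graders; returns [(severity, source line, reason)] for everything that stood out."""
    findings = []
    for ln in hjt_lines:
        r = triage_hjt(ln)
        if r:
            findings.append((r[0], ln, r[1]))
    for ln in cf_lines:
        r = triage_combofix(ln)
        if r:
            findings.append((r[0], ln, r[1]))
    return findings


if __name__ == "__main__":
    for sev, src, why in sorted(triage(HJT_LINES, CF_LINES), key=lambda f: f[0]):
        print(f"[{sev.upper():6}] {why}\n         {src}")
```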
  • Dormouse
    Dormouse Posts: 5,617 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    aliEnRIK wrote: »
    (SEE POST #14 before running combofix)


    run LSPFIX
    http://www.cexx.org/LSPFix.exe
    Am trying to do this but am getting an error message about re-installing Winsock 2?! Help!
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Try RIGHT CLICKING and RUN AS (Admin)
    If it doesn't come up as an option then press the SHIFT key at the same time

    If it still doesn't want to play then skip it
    :idea:
  • Dormouse
    Dormouse Posts: 5,617 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    aliEnRIK wrote: »
    Try RIGHT CLICKING and RUN AS (Admin)
    If it doesn't come up as an option then press the SHIFT key at the same time

    If it still doesn't want to play then skip it
    Thanks, got it! It didn't want to remove anything anyway :)
  • Dormouse
    Dormouse Posts: 5,617 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    ComboFix 10-06-22.03 - home 23/06/2010 11:43:41.1.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2046.937 [GMT 1:00]
    Running from: c:\users\home\Downloads\QWERTY.exe
    AV: BullGuard Antivirus *On-access scanning disabled* (Outdated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
    FW: BullGuard Firewall *disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\windows\system32\BSTIEPrintCtl1.dll
    .
    ((((((((((((((((((((((((( Files Created from 2010-05-23 to 2010-06-23 )))))))))))))))))))))))))))))))
    .
    2010-06-23 10:49 . 2010-06-23 10:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-06-16 20:49 . 2010-06-16 20:49 -------- d-----w- c:\program files\CCleaner
    2010-06-15 19:39 . 2010-06-15 19:39 -------- d-----w- c:\users\home\AppData\Roaming\Malwarebytes
    2010-06-15 19:39 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-15 19:39 . 2010-06-15 19:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-15 19:39 . 2010-06-15 19:39 -------- d-----w- c:\programdata\Malwarebytes
    2010-06-15 19:39 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-15 12:43 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-14 22:48 . 2010-04-06 09:13 459600 ----a-w- c:\programdata\BullGuard\Update\Bin\libxml2.dll
    2010-06-14 22:48 . 2010-06-15 12:14 348480 ----a-w- c:\programdata\BullGuard\Update\Download\APPDIR\BullGuardUpdate.exe
    2010-06-14 22:48 . 2010-06-15 12:14 348480 ----a-w- c:\programdata\BullGuard\Update\Bin\BullGuardUpdate.exe
    2010-06-14 22:48 . 2010-02-25 15:43 67920 ----a-w- c:\programdata\BullGuard\Update\Bin\zlib1.dll
    2010-06-14 22:48 . 2010-02-25 15:43 983376 ----a-w- c:\programdata\BullGuard\Update\Bin\libeay32.dll
    2010-06-14 22:48 . 2010-02-25 15:43 190800 ----a-w- c:\programdata\BullGuard\Update\Bin\libcurl.dll
    2010-06-14 22:48 . 2010-02-25 15:43 55120 ----a-w- c:\programdata\BullGuard\Update\Bin\libbz2.dll
    2010-06-14 22:44 . 2010-06-14 22:47 -------- d-----w- c:\users\home\AppData\Roaming\BullGuard
    2010-06-14 22:38 . 2010-06-23 09:20 -------- d-----w- c:\programdata\BullGuard
    2010-06-14 22:38 . 2010-06-14 22:38 -------- d-----w- c:\program files\BullGuard Ltd
    2010-06-14 19:51 . 2010-06-22 19:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-06-14 19:51 . 2010-06-14 19:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-06-10 18:35 . 2010-06-10 18:35 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
    2010-06-09 17:09 . 2010-06-09 17:09 -------- d-----w- c:\users\home\AppData\Roaming\AdobeUM
    2010-06-09 17:08 . 2010-06-09 17:08 -------- d-----w- c:\programdata\Adobe Systems
    2010-06-05 08:22 . 2010-06-05 08:22 501872 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb37E4.tmp.exe
    2010-05-31 00:10 . 2010-06-14 22:18 -------- d-----w- c:\users\home\AppData\Roaming\Bycea
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-23 09:19 . 2007-11-24 17:51 -------- d-----w- c:\program files\Lx_cats
    2010-06-23 08:50 . 2009-06-03 22:36 1 ----a-w- c:\users\home\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-06-22 18:46 . 2008-02-24 22:22 -------- d-----w- c:\program files\Coupon Printer
    2010-06-21 21:20 . 2008-02-12 12:13 -------- d-----w- c:\program files\Common Files\Adobe
    2010-06-16 21:17 . 2007-08-16 13:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-06-16 21:13 . 2009-12-01 22:42 -------- d-----w- c:\programdata\Norton
    2010-06-16 21:13 . 2007-08-16 13:36 -------- d-----w- c:\programdata\Symantec
    2010-06-15 12:51 . 2007-12-13 20:52 -------- d-----w- c:\program files\Common Files\Java
    2010-06-15 12:35 . 2007-11-03 16:11 -------- d-----w- c:\users\home\AppData\Roaming\Packard Bell
    2010-06-14 23:45 . 2010-05-01 08:55 -------- d-----w- c:\users\home\AppData\Roaming\751AC99436829F9D9922F40CDB08F4B3
    2010-06-14 23:00 . 2010-06-14 23:00 77824 ----a-w- c:\programdata\BullGuard\Update\Download\AVDEFS\bdupd.dll
    2010-06-14 23:00 . 2010-06-14 23:00 246608 ----a-w- c:\programdata\BullGuard\Update\Download\APPDIR\Antiphishing\IE\BGToolBand.dll
    2010-06-14 23:00 . 2010-06-14 23:00 75088 ----a-w- c:\programdata\BullGuard\Update\Download\APPDIR\Support\BgRaHook.dll
    2010-06-14 22:36 . 2008-05-25 02:34 -------- d-----w- c:\users\home\AppData\Roaming\Xeat
    2010-06-14 20:29 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
    2010-06-14 19:35 . 2008-04-10 09:04 -------- d-----w- c:\users\home\AppData\Roaming\InstallShield
    2010-06-11 08:33 . 2007-11-03 16:11 89176 ----a-w- c:\users\home\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-05-21 13:14 . 2009-10-03 08:04 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-20 21:29 . 2007-11-03 21:24 -------- d-----w- c:\users\home\AppData\Roaming\Skype
    2010-05-20 16:35 . 2009-05-10 18:43 -------- d-----w- c:\users\home\AppData\Roaming\skypePM
    2010-05-12 20:17 . 2010-05-12 20:17 -------- d-----w- c:\users\home\AppData\Roaming\GetRightToGo
    2010-05-02 19:37 . 2008-05-06 08:53 -------- d-----w- c:\program files\McDonaldsDragons
    2010-05-01 13:30 . 2009-08-15 13:34 680 ----a-w- c:\users\home\AppData\Local\d3d9caps.dat
    2010-05-01 08:56 . 2010-05-01 08:56 84992 --sha-r- c:\users\home\AppData\Roaming\irprops2.dll
    2010-05-01 08:56 . 2010-05-01 08:56 84992 --sha-r- c:\users\home\AppData\Roaming\irprops2.dll
    2010-04-28 09:41 . 2010-04-28 09:41 55888 ----a-w- c:\windows\system32\drivers\BdSpy.sys
    2010-04-23 10:19 . 2010-04-23 10:19 98128 ----a-w- c:\windows\system32\BgGamingMonitor.dll
    2010-03-28 10:26 . 2010-03-06 10:27 439816 ----a-w- c:\users\home\AppData\Roaming\Real\Update\setup3.10\setup.exe
    2010-03-26 09:33 . 2010-05-01 07:53 1496064 ----a-w- c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h90ark01.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-03-26 09:33 . 2010-05-01 07:53 43008 ----a-w- c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h90ark01.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-03-26 09:33 . 2010-05-01 07:53 339456 ----a-w- c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h90ark01.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-03-26 09:32 . 2010-05-01 07:53 346112 ----a-w- c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h90ark01.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2009-12-10 22:48 . 2009-12-10 22:48 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2007-08-16 22:01 . 2007-08-16 22:01 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]
    "SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-05-03 1116728]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-08-16 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-12 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
    "HostManager"="c:\program files\Common Files\AOL\1187270995\ee\AOLSoftware.exe" [2006-11-14 50736]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-10 30192]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
    "toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
    "LXCECATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "tsnp2std"="c:\windows\tsnp2std.exe" [2007-01-05 258048]
    "snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-04 198160]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
    "BullGuard"="c:\program files\BullGuard Ltd\BullGuard\BullGuard.exe" [2010-06-15 2071360]
    c:\users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2010-6-10 25214]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\BgGamingMonitor.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-03-03 266240]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
    R2 SrvCDEject;SrvCDEject;c:\program files\Packard Bell\SrvCDEject.exe [2006-07-25 613376]
    R3 BgRaSvc;BgRaSvc;c:\program files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [2010-06-15 122688]
    R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-10 30192]
    S1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2009-12-04 29208]
    S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [2010-04-28 55888]
    S2 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe [2006-11-02 22016]
    S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [2006-11-02 22016]
    S2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe [2006-11-02 22016]
    S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [2006-11-02 22016]
    S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2006-11-02 22016]
    S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2010-06-15 348480]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-01-16 1116800]
    S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys [2009-12-04 318488]
    S3 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2010-06-15 301376]
    S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    BullGuard_Main REG_MULTI_SZ BsMain
    BullGuard REG_MULTI_SZ BsFileScan BsMailProxy BsFire
    BullGuard_LowPriv REG_MULTI_SZ BsBrowser
    .
    Contents of the 'Scheduled Tasks' folder
    2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 10:43]
    2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 10:43]
    2007-11-10 c:\windows\Tasks\PBReg.job
    - c:\program files\HDReg\HDRegApp.exe [2005-06-21 12:05]
    2007-12-18 c:\windows\Tasks\PBRegbk.job
    - c:\program files\HDReg\HDRegApp.exe [2005-06-21 12:05]
    2010-06-23 c:\windows\Tasks\Recovery DVD Creator.job
    - c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-08-16 16:34]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://format.packardbell.com/cgi-bin/redirect/?country=UK&range=AD&phase=8&key=IESTART
    mStart Page = hxxp://www.myaolbroadband.co.uk
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
    LSP: c:\windows\system32\BGLsp.dll
    DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} - hxxp://static.photobox.co.uk/sg/common/ImageUploader4.cab
    FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h90ark01.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://rmsurveys.research-int.com/
    FF - component: c:\program files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard\components\BGFFComponent.dll
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\h90ark01.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol308.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npcsau7.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\users\home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-23 11:49
    Windows 6.0.6000 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCECATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    [HKEY_USERS\S-1-5-21-601384330-350029153-2478979763-1002\Software\SecuROM\License information*]
    "datasecu"=hex:a1,8e,fe,cf,56,be,9f,1a,13,00,97,f7,06,9e,ca,9c,dc,25,31,46,af,
    bf,7d,c6,1a,a8,c7,3f,87,b0,e2,e3,e5,01,0f,a1,41,1d,1c,aa,bb,41,e4,1c,4d,64,\
    "rkeysecu"=hex:ef,38,ed,d3,01,09,ab,41,fc,87,1c,6c,40,aa,27,2f
    .
    Completion time: 2010-06-23 11:51:37
    ComboFix-quarantined-files.txt 2010-06-23 10:51
    Pre-Run: 231,227,752,448 bytes free
    Post-Run: 231,201,226,752 bytes free
    - - End Of File - - 0D9C487ADFDBDC312BB4F5EC85518758
  • The_Grandmaster
    The_Grandmaster Posts: 1,424 Forumite
    Part of the Furniture Combo Breaker
    Hmm... ComboFix logs are still a mystery to me. I can guess the top bit gives information about the computer and AVs running. The 'File created from 2010-5-23 to 2010-6-23' is self-explanatory too, but the rest is quite gobbledygook.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Open notepad and copy/paste the text in RED below

    File::
    c:\users\home\AppData\Roaming\irprops2.dll
    c:\users\home\AppData\Roaming\irprops2.dll



    Save this as "CFScript" (FULL file will be 'CFScript.txt' EXACTLY as shown)

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    [Screenshot: CFScript.gif]


    This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

    ComboFix should never take more than 30 minutes including the reboot if malware is detected.
    If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any findstr, find, sed or swreg processes; ComboFix should then continue.


    ..............................................................

    On a side note, I wouldn't trust Bulldog's FIREWALL, as even most of the well-known AV firewalls are very poor
    :idea:
  • xenonive
    xenonive Posts: 69 Forumite
    Another suggestion would be to download and run SUPERAntiSpyware, as this can fix a lot of issues.