Google Won't Open Part II

RussJK

If you still can't manage, then try this one already renamed for you:
http://www.users.on.net/~russ/qwertles.exe

Eager_Elephant

Hi

This is my ComboFix log:

ComboFix 11-05-07.03 - The Brame Family 08/05/2011 18:26:02.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1916.1065 [GMT 1:00]
Running from: c:\users\The Brame Family\Downloads\Documents\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\The Brame Family\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.

---

\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2011-04-08 to 2011-05-08 )))))))))))))))))))))))))))))))
.
.
2011-05-08 17:33 . 2011-05-08 17:33

---

d

---

w- c:\users\Default\AppData\Local\temp
2011-05-08 11:10 . 2011-04-18 08:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B35B683-7100-4699-A3C7-81CE52D74365}\mpengine.dll
2011-05-04 05:55 . 2011-05-04 05:55 388096 ----a-r- c:\users\The Brame Family\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-04 05:55 . 2011-05-04 05:55

---

d

---

w- c:\program files\Trend Micro
2011-05-04 05:23 . 2011-05-04 05:23

---

d

---

w- c:\users\The Brame Family\AppData\Roaming\Malwarebytes
2011-05-04 05:23 . 2011-05-04 05:23

---

d

---

w- c:\programdata\Malwarebytes
2011-05-04 05:23 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-04 05:23 . 2011-05-04 05:23

---

d

---

w- c:\program files\Malwarebytes' Anti-Malware
2011-05-04 05:23 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-27 18:30 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 18:30 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 18:30 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-13 18:26 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-19 21:42 . 2010-05-02 07:42 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-03-03 15:40 . 2011-04-27 18:30 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 18:30 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 18:30 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 18:30 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 08:40 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 08:40 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 08:40 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-14 20:13 . 2011-02-14 20:13 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"UpdateP2GShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2007-07-26 202024]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\The Brame Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2006-11-3 1585152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Gacela-Reporting-Service;Gacela-Reporting-Service;c:\program files\Gacela\Gacela-Reporting.exe [x]
R4 Gacela-Update-Service;Gacela-Update-Service;c:\program files\Gacela\Gacela-Updater.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0500010.004\SYMDS.SYS [2010-10-21 340016]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0500010.004\SYMEFA.SYS [2010-11-18 652336]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.1.4\Definitions\BASHDefs\20110430.001\BHDrvx86.sys [2011-04-15 802936]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.1.4\Definitions\IPSDefs\20110506.001\IDSvix86.sys [2011-03-14 353912]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0500010.004\Ironx86.SYS [2010-11-16 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\N360\0500010.004\SYMTDIV.SYS [2010-12-01 330360]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.0.1.4\ccSvcHst.exe [2010-11-24 130000]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-08-07 283136]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-01-22 46592]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
2011-05-08 c:\windows\Tasks\User_Feed_Synchronization-{73E4A7F8-48A2-40A1-A846-25A175AB83B4}.job
- c:\windows\system32\msfeedssync.exe [2011-04-13 04:43]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://www.crumblycottage.co.uk/
uInternet Settings,ProxyOverride = <local>
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-08 18:39
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.0.1.4\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.0.1.4\diMaster.dll\" /prefetch:1"
.

---

DLLs Loaded Under Running Processes

---

.
- - - - - - - > 'Explorer.exe'(3840)
c:\windows\System32\NaturalLanguage6.dll
.

---

Other Running Processes

---

.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DllHost.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-05-08 18:44:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-08 17:44
.
Pre-Run: 53,116,604,416 bytes free
Post-Run: 52,897,226,752 bytes free
.
- - End Of File - - 4C40699728F862957CB6392CA8E693A8

Eager_Elephant

Lil306 wrote: »

If you can get to it via IP address suggests your DNS / Host file is knackered

You could try renaming the host file so it creates a new one after reboot see if that sorts it out

c:\windows\system32\drivers\etc

Rename the file "hosts" to oldhosts, and restart computer

Try again

I have now done this.

Google is still coming up if I use the web address - this happened this morning after I entered the IP address and then tried to get in the usual way.

EE

The_Grandmaster

AlienRIK should be back to have a look at the combofix log. Please wait for his reply before trying anything else.

Lil306

Eager_Elephant wrote: »

I have now done this.

Google is still coming up if I use the web address - this happened this morning after I entered the IP address and then tried to get in the usual way.

EE

So you can open firefox, can't access google until you enter it's IP address. After you have done this however, it then works the next time you enter https://www.google.com?

Eager_Elephant

Lil306 wrote: »

So you can open firefox, can't access google until you enter it's IP address. After you have done this however, it then works the next time you enter www.google.com?

Hi

I don't have Firefox, I use Internet Explorer.

This morning I put in the IP address and it brought up Google. I then opened a second window and typed the web address in and Google also appeared.

I have since restarted my computer and Google is now coming up every time by just using the web address.

I assumed it was fixed but aliEnRIK said it was not hence the other scan I have had to run.

EE

aliEnRIK

Looks like combofix has removed the nasty file

So everythings running fine?

Eager_Elephant

Yup everything appears to be running fine now.

Thanks everyone for all your help.

EE

aliEnRIK

We got there in the end