
Redirected during Google searches.



Jextop
2010-11-24, 23:57
Alright. So today, Tuesday, November 23rd of 2010... I attempted to look up lyrics for a song I discovered on YouTube. Well, when I "Googled" for the lyrics, and clicked one of the usual websites I click... I got a message saying "THIS WEBSITE HAS BEEN KNOWN TO HAVE VIRUSES, CLICK THE GO BACK BUTTON NOW"

And I was in shock. So I clicked back, clicked another site, and got the same issue.

Back, another site... Same issue.

I was quite worried, then began to think I had an issue.

I attempted to search Google redirecting issues.... Every time I clicked a link, my web browser vanished and I was notified I have virus issues... Click here to get a scan right away..... CTRL ALT DELETE Firefox and attempted to open it back up....

Did it again. CTRL ALT DELETE.

I flipped and turned off the Net DNScache and I was able to just go through it... I was searching through some forums, and one person said to uninstall Firefox ASAP and to clean it from the registry right away. A lot of people said that helped... and so I did it... I also rebooted, and started running Spybot Search and Destroy... I am now here on the website, to see if there is anything I missed....

I read through the stickies... I noticed P2P programs will be asked to be uninstalled. That is taken care of. I also read that cleaning the registry is frowned upon... which... I accidentally did... I believe my program did give a backup for it though, if I am to load it, please let me know how so I can get it back up for safety measures.... I also ran the DDS program...



If I missed some information I need to give out... Please let me know, my mind is quite scrambled right now.

Also, I have uninstalled a number of other programs that I no longer use on the computer as well... Just games mostly... Not sure if that would make a difference, but to keep those helping informed.

OH..... And when I ran Spybot... It found nothing.... But I'm going to make another reboot on the computer after I post this and run a search again.


DDS (Ver_10-11-10.01) - NTFSx86
Run by Jexious at 15:41:26.18 on Tue 11/23/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1618 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k Akamai
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\vVX3000.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Chatango\Chatango.exe
C:\Program Files\AIM7\aim.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Jexious\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GVNE4L92\dds[1].scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://sites.google.com/site/stripexstripe/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office12\GR469A~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
uRun: [Chatango] c:\program files\chatango\Chatango.exe
uRun: [AIM] "c:\program files\aim7\aim.exe" /d locale=en-US
uRun: [Alogexasux] rundll32.exe "c:\users\jexious\appdata\local\cahFWMV.dll",Startup
uRun: [Evalegub] rundll32.exe "c:\users\jexious\appdata\local\ejasozoq.dll",Startup
mRun: [<NO NAME>]
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
StartupFolder: c:\users\jexious\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mif5ba~1\office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: DfLogon - LogonDll.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office12\GR469A~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-9-21 176128]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-7-20 1153368]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-9-21 7680]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-21 187392]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-26 34384]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 rak;rak;c:\windows\system32\rakion.sys [2010-2-4 60928]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-21 171520]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\tmachinfo.exe --> c:\program files\toshiba\toshiba service station\TMachInfo.exe [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-4 1343400]

=============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2010-11-23 20:09:52 -------- d-----w- c:\users\jexious\appdata\local\Diagnostics
2010-11-23 20:06:19 -------- d-----w- c:\program files\CCleaner
2010-11-23 09:45:29 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{7ecc523e-28eb-4f3e-a530-1806f45d8a6e}\mpengine.dll
2010-11-23 01:27:20 0 ----a-w- c:\users\jexious\appdata\local\Azajoluracanarig.bin
2010-11-23 01:27:14 -------- d-----w- c:\users\jexious\appdata\local\{291CEA77-9937-4EE7-8592-372308B8F3A3}
2010-11-19 22:36:19 -------- d-----w- c:\program files\common files\Software Update Utility
2010-11-19 22:36:19 -------- d-----w- c:\program files\AIM7
2010-11-19 20:42:38 -------- d-----w- c:\program files\Viewpoint
2010-11-19 20:42:38 -------- d-----w- c:\progra~2\Viewpoint
2010-11-19 20:42:37 -------- d-----w- c:\program files\AOD
2010-11-19 20:42:34 -------- d-----w- c:\program files\AIM
2010-11-19 20:33:49 -------- d-----w- c:\program files\middle_man
2010-11-17 06:14:40 -------- d-----w- c:\users\jexious\appdata\roaming\foobar2000
2010-11-17 06:14:32 -------- d-----w- c:\program files\foobar2000
2010-11-13 22:41:15 -------- d-----w- c:\users\jexious\appdata\local\VirtualStore
2010-11-12 18:50:16 -------- d-----w- c:\program files\LimitRO-Online
2010-11-03 20:31:27 -------- d-----w- c:\progra~2\Nexon
2010-11-03 20:01:52 -------- d-----w- c:\program files\BandiMPEG1
2010-11-03 14:58:00 15256 ----a-w- c:\users\jexious\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
2010-10-29 03:03:59 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-29 03:03:59 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-29 03:03:08 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-29 03:03:08 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-29 03:03:05 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-29 03:03:05 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-29 03:03:05 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-29 03:03:05 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-29 03:02:43 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-29 03:02:22 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-29 03:02:22 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-29 03:02:22 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-29 03:02:22 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-29 03:02:14 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-29 03:02:13 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-29 03:02:12 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-29 02:28:55 -------- d-----w- c:\progra~2\SecTaskMan
2010-10-29 02:28:51 -------- d-----w- c:\program files\Security Task Manager

==================== Find3M ====================

2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-26 04:39:58 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-03-19 18:16:34 939139876 ----a-w- c:\program files\FEZsetup_2010-02-26.exe
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

============= FINISH: 15:42:16.61 ===============



AND ATTACH





UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/18/2009 10:47:56
System Uptime: 11/23/2010 15:29:44 (0 hours ago)

Motherboard: TOSHIBA | | Portable PC
Processor: AMD Athlon(tm) II Dual-Core M300 | Socket S1G3 | 2000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 289 GiB total, 154.299 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP266: 11/16/2010 10:20:11 - Windows Update
RP267: 11/19/2010 03:41:45 - Windows Update
RP269: 11/21/2010 10:08:26 - Installed Samsung USB Driver (MCCI 4.34) WHQL v3.4
RP270: 11/23/2010 04:45:09 - Windows Update
RP271: 11/23/2010 15:17:11 - Removed Steam
RP273: 11/23/2010 15:20:32 - Configured Samsung USB Driver (MCCI 4.34) WHQL v3.4

==== Installed Programs ======================

7-Zip 4.65
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Manager
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.1
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 7
Akamai NetSession Interface
AOL Instant Messenger
ASIO4ALL
ATI Catalyst Install Manager
Audiosurf
Bandisoft MPEG-1 Decoder
BitComet 1.17
BitPim 1.0.7
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chatango Message Catcher
Compatibility Pack for the 2007 Office system
Creatures of Darkness
Download Updater (AOL LLC)
ERUNT 1.1j
Facebook Plug-In
Fantasy Voice Pack
FCEUX 2.1.2
FL Studio 9
foobar2000 v1.1.1
Fraps (remove only)
Furry Voices for Second Life
Google Gears
Google Update Helper
GTK+ Runtime 2.14.7 rev a (remove only)
Guild Wars
Hardcore
IL Download Manager
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
K-Lite Codec Pack 6.1.0 (Full)
LG USB Modem driver
Livestream Procaster
Mabinogi
MapleStory
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Ultimate 2007
Microsoft Office Ultimate 2007 Subscription
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
MorphVOX Pro
MSVCRT
Nexon Game Manager
NVIDIA PhysX
Ogg Codecs 0.81.15562
Pando Media Booster
PDF Settings
Pidgin
PlayReady PC Runtime x86
PoiZone
Project64 1.6
Python 2.7
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RF Online EQG
Rosetta Stone Version 3
Sawer
Sci-Fi Voice Pack
Shin Megami Tensei: Imagine Online
Sins of a Solar Empire
Skype Toolbars
Skype™ 4.2
Spybot - Search & Destroy
SUPER © Version 2010.bld.38 (May 2, 2010)
Synaptics Pointing Device Driver
The Sims™ 3
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Online Backup
Toshiba Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
Toxic Biohazard
Vegas Pro 9.0
Ventrilo Client
Viewpoint Media Player
Vindictus
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
WMPTagSupportExtender
WonderKing
Xfire (remove only)
Yahoo! Messenger
YVD

==== Event Viewer Messages From Past Week ========

12/1/2010 13:44:06, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
12/1/2010 13:42:06, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/1/2010 13:42:06, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
12/1/2010 13:42:06, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/1/2010 13:42:06, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/23/2010 15:32:23, Error: Microsoft-Windows-WMPNSS-Service [14324] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(WindowsMediaPlayer) encountered error '0x80004002'. If possible, reinstall Windows Media Player.
11/23/2010 15:30:26, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147467262.
11/23/2010 15:30:00, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
11/23/2010 15:30:00, Error: atikmdag [43029] - Display is not active
11/23/2010 10:58:13, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {ABB12DC5-C2F5-45A5-B793-ADE93CB37311}. The error: "2" Happened while starting this command: "C:\Program Files\TOSHIBA\MobilityCenter\ToshibaMobilityCenter.exe" -Embedding
11/23/2010 10:58:13, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {2B12338D-61E0-41A4-B858-CED35C9DCECB}. The error: "2" Happened while starting this command: "C:\Program Files\TOSHIBA\MobilityCenter\ToshibaMobilityCenter.exe" -Embedding
11/23/2010 10:58:13, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {030F2E33-D57D-4BF5-BE03-445FA6F20A2F}. The error: "2" Happened while starting this command: "C:\Program Files\TOSHIBA\MobilityCenter\ToshibaMobilityCenter.exe" -Embedding
11/21/2010 15:40:21, Error: bowser [8003] - The master browser has received a server announcement from the computer HAYLEY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{544F90D9-8793-4D8F-8C9B-FE0E94F7. The master browser is stopping or an election is being forced.
11/16/2010 19:23:32, Error: bowser [8003] - The master browser has received a server announcement from the computer DERRICK that believes that it is the master browser for the domain on transport NetBT_Tcpip_{544F90D9-8793-4D8F-8C9B-FE0E94F700. The master browser is stopping or an election is being forced.

==== End Of File ===========================

Bumping.

For the possibility I may not get back to it today and be able to bump it.

I know people are busy for these next few days because of the holidays. Hope all things are well for them.

oldman960
2010-11-27, 19:16
Hi Jextop, welcome to the forum.

To make cleaning this machine easier
Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.



You do not appear to have an antivirus program installed. I'll give you the links to some good free ones after we have cleaned this machine. Please limit your internet activity to this thread and downloading tools. This includes email.


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop

Next, right click on OTL.exe and choose Run as Administrator to run it
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :




:Services

:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alogexasux"=-
"Evalegub"=-

:Files
c:\users\jexious\appdata\local\cahFWMV.dll
c:\users\jexious\appdata\local\ejasozoq.dll
ipconfig /flushdns /c
c:\users\jexious\appdata\local\Azajoluracanarig.bin

:Commands
[createrestorepoint]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL log.



Next

Right click on the icon and click "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click on Minimal Output at the top
Download the following file scan.txt to your Desktop. Click here to download it (http://www.geekstogo.com/forum/files/file/395-otl-custom-scan-file-scantxt/). You may need to right click on it and select "Save"
Double click inside the Custom Scan box at the bottom
A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
Click the OK button and navigate to the file scan.txt which we just saved to your desktop
Select scan.txt and click Open. Writing will now appear under the Custom Scan box
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic



Please post back with
OTL fix log
OTL.txt
Extras.txt
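
Added example (not part of the original posts, and not code from DDS or OTL): a triage check that reads the `uRun`/`mRun` lines of a DDS log, flags `rundll32.exe` autoruns whose DLL sits under a user's AppData folder, and confirms that a fix script removes both the Run value and the file. The sample text is assembled from lines in this thread; the function names and the reading of `uRun`/`mRun` as the HKCU/HKLM Run keys are assumptions.

```python
import re

# Sample input assembled from the DDS log lines quoted in this thread.
DDS_LINES = r'''
uRun: [Chatango] c:\program files\chatango\Chatango.exe
uRun: [AIM] "c:\program files\aim7\aim.exe" /d locale=en-US
uRun: [Alogexasux] rundll32.exe "c:\users\jexious\appdata\local\cahFWMV.dll",Startup
uRun: [Evalegub] rundll32.exe "c:\users\jexious\appdata\local\ejasozoq.dll",Startup
mRun: [<NO NAME>]
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [VX3000] c:\windows\vVX3000.exe
'''

# Sample input assembled from the :Reg and :Files sections of the fix above.
OTL_FIX = r'''
:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alogexasux"=-
"Evalegub"=-

:Files
c:\users\jexious\appdata\local\cahFWMV.dll
c:\users\jexious\appdata\local\ejasozoq.dll
ipconfig /flushdns /c
c:\users\jexious\appdata\local\Azajoluracanarig.bin
'''

# Assumption: DDS "uRun"/"mRun" are the per-user and machine-wide Run keys.
RUN_KEYS = {
    "u": r"hkey_current_user\software\microsoft\windows\currentversion\run",
    "m": r"hkey_local_machine\software\microsoft\windows\currentversion\run",
}
RUN_RE = re.compile(r"^([um])Run:\s*\[([^\]]+)\]\s*(.*)$", re.I)
DLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)"?\s*,', re.I)
PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.I)


def suspicious_autoruns(dds_text):
    """Return Run entries where rundll32 loads a DLL from a user profile."""
    hits = []
    for raw in dds_text.splitlines():
        m = RUN_RE.match(raw.strip())
        if not m:
            continue
        hive, name, cmd = m.groups()
        dll = DLL_RE.search(cmd)
        if dll and PROFILE_RE.match(dll.group(1)):
            hits.append({"key": RUN_KEYS[hive.lower()], "name": name,
                         "dll": dll.group(1).lower()})
    return hits


def parse_otl_fix(fix_text):
    """Collect (key, value) deletions from :Reg and file paths from :Files."""
    section, key, reg_deletes, files = None, None, set(), set()
    for raw in fix_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section, key = line[1:].lower(), None
        elif section == "reg" and line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif section == "reg":
            # "Name"=- deletes a value; a line with a missing quote is ignored.
            m = re.fullmatch(r'"([^"]+)"\s*=\s*-', line)
            if m and key:
                reg_deletes.add((key, m.group(1).lower()))
        elif section == "files" and re.match(r"[a-z]:\\", line, re.I):
            files.add(line.lower())
    return reg_deletes, files


def uncovered(dds_text, fix_text):
    """List flagged autoruns that the fix leaves behind (value or file)."""
    reg_deletes, files = parse_otl_fix(fix_text)
    gaps = []
    for hit in suspicious_autoruns(dds_text):
        if (hit["key"], hit["name"].lower()) not in reg_deletes:
            gaps.append(("reg", hit["name"]))
        if hit["dll"] not in files:
            gaps.append(("file", hit["dll"]))
    return gaps


if __name__ == "__main__":
    for hit in suspicious_autoruns(DDS_LINES):
        print("flagged:", hit["name"], "->", hit["dll"])
    print("left behind by the fix:", uncovered(DDS_LINES, OTL_FIX))
```
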

oldman960
2010-12-01, 03:17
Hi,

Do you still need help with this?

Thanks