-
Have the ads through the speakers just occurred, or has this been present all along since you posted? A combination of browser redirects and ads through the speakers could mean a possible Whistler Rootkit infection. I need you to run aswMBR; if it asks to update the definitions, do so, then post the new log.
-
Ken, the first audio was last night. It was very strange, kind of like a radio station with ads, but I could hear what sounded like teenagers saying how they knew all aspects of someone's life and could do anything through their computer... no specific names were ever mentioned.
I will follow your latest instructions and post results.
Greg
-
Ken, I followed your instructions; however, aswMBR will not run a scan. Greg
-
Hey,
Sorry you're having so many problems, but some of this garbage is really hard to remove. Let's try a few things.
Try running aswMBR in Safe Mode.
To enter Safe Mode:
- Go to Start > Shut off your Computer > Restart
- As the computer starts to boot up, tap the F8 key somewhat rapidly; this will bring up a menu.
- Use the Up and Down Arrow Keys to scroll up to Safe Mode with Networking
- Then press the Enter key on your keyboard
Tutorial if you need it: How to boot into Safe Mode
If it is still a no-go, then, if you still have ComboFix on your desktop, drag it to the trash and download and run a fresh new copy.
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- See this link for programs that need to be disabled and instructions on how to disable them.
- Remember to re-enable them when we're done.
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
-
Hi Ken, just to keep you up to date: I removed Firefox successfully, but could not run aswMBR; it would not start. I also had to update IE to version 8. I'm not sure if this will affect anything... just letting you know. I will try aswMBR in Safe Mode and post.
Thanks, Greg
-
Ken,
Here's the latest ComboFix log. Thanks
ComboFix 11-09-30.05 - Greg 10/01/2011 10:52:40.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2397 [GMT -4:00]
Running from: c:\documents and settings\Greg\Desktop\ComboFix.exe
AV: AVG Anti-Virus *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\google\common\google updater\googleupdaterservice.exe
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-01 to 2011-10-01 )))))))))))))))))))))))))))))))
.
.
2011-10-01 00:04 . 2011-10-01 00:04 -------- d-sh--w- c:\documents and settings\Greg\PrivacIE
2011-10-01 00:03 . 2011-10-01 00:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-10-01 00:03 . 2011-10-01 00:03 -------- d-sh--w- c:\documents and settings\Greg\IETldCache
2011-09-30 23:58 . 2011-09-30 23:58 -------- dc-h--w- c:\windows\ie8
2011-09-30 23:56 . 2010-10-18 11:10 7680 ------w- c:\windows\system32\dllcache\iecompat.dll
2011-09-30 23:56 . 2011-06-23 18:36 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2011-09-30 23:56 . 2011-06-23 18:36 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-09-30 23:56 . 2011-06-23 18:36 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2011-09-30 23:56 . 2011-06-23 18:36 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2011-09-30 23:56 . 2011-06-23 18:36 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2011-09-30 23:56 . 2011-06-23 18:36 1991680 ------w- c:\windows\system32\dllcache\iertutil.dll
2011-09-30 23:56 . 2011-06-23 18:36 11081728 ------w- c:\windows\system32\dllcache\ieframe.dll
2011-09-30 23:31 . 2011-09-30 23:31 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\VS Revo Group
2011-09-30 23:31 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-09-30 23:31 . 2011-09-30 23:31 -------- d-----w- c:\program files\VS Revo Group
2011-09-24 02:52 . 2011-09-24 02:52 -------- d-----w- C:\_OTL
2011-09-21 18:59 . 2011-09-28 18:40 -------- d-----w- c:\documents and settings\Kiddies\Local Settings\Application Data\ApplicationHistory
2011-09-21 18:22 . 2011-10-01 14:19 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\ApplicationHistory
2011-09-21 17:38 . 2011-09-21 18:39 -------- d-----w- C:\COMBO-FIX4520C
2011-09-21 17:35 . 2011-09-21 17:37 -------- d-----w- C:\COMBO-FIX17960C
2011-09-14 23:27 . 2011-09-14 23:27 -------- d-----w- c:\documents and settings\Greg\Application Data\SUPERAntiSpyware.com
2011-09-14 23:26 . 2011-09-30 00:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-14 23:26 . 2011-09-14 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-09-13 20:39 . 2011-09-13 20:40 -------- d-----w- c:\program files\iPod
2011-09-13 20:39 . 2011-09-13 20:41 -------- d-----w- c:\program files\iTunes
2011-09-12 23:46 . 2011-09-12 23:46 -------- d-----w- c:\program files\ESET
2011-09-10 01:07 . 2011-09-10 01:07 -------- d--h--w- c:\windows\PIF
2011-09-06 00:54 . 2011-09-06 01:50 -------- d-----w- C:\COMBO-FIX30049C
2011-09-06 00:47 . 2011-09-06 00:53 -------- d-----w- C:\COMBO-FIX12903C
2011-09-05 00:57 . 2011-09-05 02:42 -------- d-----w- C:\COMBO-FIX24678C
2011-09-05 00:54 . 2011-09-05 00:56 -------- d-----w- C:\COMBO-FIX18701C
2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 18:48 . 2008-04-04 00:06 29712 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-09-09 09:12 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-30 18:17 . 2011-06-22 15:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-10 17:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2004-08-10 17:51 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot_2011-09-21_18.23.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-13 23:37 . 2009-01-07 22:21 26144 c:\windows\system32\spupdsvc.exe
+ 2008-03-13 23:37 . 2009-01-07 22:20 16928 c:\windows\system32\spmsg.dll
+ 2004-08-10 17:51 . 2009-03-08 08:31 46592 c:\windows\system32\pngfilt.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 23552 c:\windows\system32\normaliz.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 24576 c:\windows\system32\nlsdl.dll
+ 2004-08-10 17:51 . 2009-03-08 08:31 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 66560 c:\windows\system32\mshtmled.dll
+ 2004-08-10 17:51 . 2009-03-08 08:31 45568 c:\windows\system32\mshta.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 13312 c:\windows\system32\msfeedssync.exe
+ 2009-03-08 08:31 . 2011-06-23 18:36 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 43520 c:\windows\system32\licmgr10.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-10 17:51 . 2009-03-08 08:32 94720 c:\windows\system32\inseng.dll
+ 2004-08-10 17:51 . 2009-03-08 08:31 34816 c:\windows\system32\imgutil.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 36864 c:\windows\system32\ieudinit.exe
+ 2004-08-10 17:51 . 2009-03-08 08:32 71680 c:\windows\system32\iesetup.dll
+ 2004-08-10 17:51 . 2009-03-08 08:32 55808 c:\windows\system32\iernonce.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 26112 c:\windows\system32\idndl.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 59904 c:\windows\system32\icardie.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2010-09-09 14:16 . 2011-06-23 18:36 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2009-03-08 08:34 . 2011-06-23 18:36 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 08:33 . 2011-06-23 18:36 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2009-03-08 08:24 . 2009-03-08 08:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2004-08-10 17:50 . 2009-03-08 08:33 18944 c:\windows\system32\corpol.dll
+ 2004-08-10 17:50 . 2009-03-08 08:32 72704 c:\windows\system32\admparse.dll
+ 2011-10-01 00:00 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2011-10-01 00:00 . 2009-03-08 08:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2011-10-01 00:00 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2011-10-01 00:01 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2559049-IE8\xpshims.dll
+ 2011-10-01 00:00 . 2009-03-08 08:31 66560 c:\windows\ie8updates\KB2559049-IE8\mshtmled.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2559049-IE8\msfeedsbs.dll
+ 2011-10-01 00:00 . 2009-03-08 08:34 43008 c:\windows\ie8updates\KB2559049-IE8\licmgr10.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2559049-IE8\jsproxy.dll
+ 2011-09-30 23:58 . 2011-06-21 18:18 37888 c:\windows\ie8\url.dll
+ 2011-09-30 23:58 . 2009-03-08 18:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2011-09-30 23:58 . 2008-04-14 00:12 39424 c:\windows\ie8\pngfilt.dll
+ 2011-09-30 23:58 . 2008-04-14 00:12 96256 c:\windows\ie8\occache.dll
+ 2011-09-30 23:58 . 2008-04-13 16:26 56832 c:\windows\ie8\mshtmler.dll
+ 2011-09-30 23:58 . 2008-04-14 00:12 29184 c:\windows\ie8\mshta.exe
+ 2011-09-30 23:58 . 2008-04-14 00:11 22016 c:\windows\ie8\licmgr10.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 15872 c:\windows\ie8\jsproxy.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 96256 c:\windows\ie8\inseng.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 35840 c:\windows\ie8\imgutil.dll
+ 2011-09-30 23:58 . 2008-04-14 00:12 93184 c:\windows\ie8\iexplore.exe
+ 2011-09-30 23:58 . 2008-04-14 00:11 62976 c:\windows\ie8\iesetup.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 48640 c:\windows\ie8\iernonce.dll
+ 2011-09-30 23:58 . 2011-06-21 18:18 81920 c:\windows\ie8\ieencode.dll
+ 2011-09-30 23:58 . 2008-04-14 00:12 34304 c:\windows\ie8\ie4uinit.exe
+ 2011-09-30 23:58 . 2008-04-14 00:11 38912 c:\windows\ie8\hmmapi.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 35328 c:\windows\ie8\corpol.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 99840 c:\windows\ie8\advpack.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 61440 c:\windows\ie8\admparse.dll
+ 2011-10-01 00:00 . 2009-03-08 08:35 2048 c:\windows\ie8updates\KB2447568-IE8\iecompat.dll
+ 2008-08-27 14:58 . 2009-01-07 22:21 121856 c:\windows\system32\xmllite.dll
- 2008-08-27 14:58 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 916480 c:\windows\system32\wininet.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2004-08-10 17:51 . 2009-03-08 08:34 236544 c:\windows\system32\webcheck.dll
+ 2004-08-10 17:51 . 2009-03-08 08:33 420352 c:\windows\system32\vbscript.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 105984 c:\windows\system32\url.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 206848 c:\windows\system32\occache.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 611840 c:\windows\system32\mstime.dll
+ 2004-08-10 17:51 . 2009-03-08 08:34 193536 c:\windows\system32\msrating.dll
+ 2004-08-10 17:51 . 2009-03-08 08:22 156160 c:\windows\system32\msls31.dll
+ 2009-03-08 08:32 . 2011-06-23 18:36 602112 c:\windows\system32\msfeeds.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 265720 c:\windows\system32\msdbg2.dll
+ 2004-08-10 17:51 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2009-03-08 08:22 . 2009-03-08 08:22 164352 c:\windows\system32\ieui.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 184320 c:\windows\system32\iepeers.dll
+ 2004-08-10 17:51 . 2011-06-23 18:36 387584 c:\windows\system32\iedkcs32.dll
+ 2009-03-08 08:11 . 2009-03-08 08:11 445952 c:\windows\system32\ieapfltr.dll
+ 2004-08-10 17:51 . 2009-03-08 08:32 163840 c:\windows\system32\ieakui.dll
+ 2004-08-10 17:51 . 2009-03-08 08:33 229376 c:\windows\system32\ieaksie.dll
+ 2004-08-10 17:51 . 2009-03-08 08:33 125952 c:\windows\system32\ieakeng.dll
+ 2004-08-10 17:51 . 2011-06-23 12:05 173568 c:\windows\system32\ie4uinit.exe
+ 2004-08-10 17:51 . 2009-03-08 08:31 216064 c:\windows\system32\dxtrans.dll
+ 2004-08-10 17:51 . 2009-03-08 08:31 348160 c:\windows\system32\dxtmsft.dll
+ 2008-04-21 06:44 . 2011-06-23 18:36 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2011-06-17 01:04 . 2009-03-08 08:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:53 . 2009-03-08 08:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2011-06-21 18:18 . 2011-06-23 18:36 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-03-08 08:34 . 2011-06-23 18:36 206848 c:\windows\system32\dllcache\occache.dll
+ 2010-11-05 05:05 . 2011-06-23 18:36 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2009-03-08 08:22 . 2009-03-08 08:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2008-05-09 10:53 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-03-08 18:09 . 2009-03-08 18:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2010-02-26 05:43 . 2011-06-23 18:36 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 18:09 . 2011-06-23 18:36 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-03-08 08:32 . 2011-06-23 12:05 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-10 17:50 . 2009-03-08 08:32 128512 c:\windows\system32\advpack.dll
+ 2011-10-01 00:00 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2011-10-01 00:00 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2011-10-01 00:00 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2011-10-01 00:00 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2011-10-01 00:00 . 2009-03-08 08:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2011-10-01 00:00 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2011-10-01 00:00 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2011-10-01 00:00 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2011-10-01 00:00 . 2009-03-08 08:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2011-10-01 00:00 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2011-10-01 00:00 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2011-10-01 00:00 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2559049-IE8\wininet.dll
+ 2011-10-01 00:00 . 2009-03-08 08:34 105984 c:\windows\ie8updates\KB2559049-IE8\url.dll
+ 2011-10-01 00:01 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2559049-IE8\spuninst\updspapi.dll
+ 2011-10-01 00:01 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2559049-IE8\spuninst\spuninst.exe
+ 2011-10-01 00:00 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2559049-IE8\occache.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2559049-IE8\mstime.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2559049-IE8\msfeeds.dll
+ 2011-10-01 00:01 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2559049-IE8\ieproxy.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2559049-IE8\iepeers.dll
+ 2011-10-01 00:01 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2559049-IE8\iedvtool.dll
+ 2011-10-01 00:01 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2559049-IE8\iedkcs32.dll
+ 2011-10-01 00:01 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2559049-IE8\ie4uinit.exe
+ 2011-10-01 00:00 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2447568-IE8\spuninst\updspapi.dll
+ 2011-10-01 00:00 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2447568-IE8\spuninst\spuninst.exe
+ 2011-09-30 23:58 . 2011-06-21 18:18 667136 c:\windows\ie8\wininet.dll
+ 2011-09-30 23:58 . 2008-04-14 00:12 276480 c:\windows\ie8\webcheck.dll
+ 2011-09-30 23:58 . 2011-04-29 19:07 852480 c:\windows\ie8\vgx.dll
+ 2011-09-30 23:58 . 2011-03-04 06:45 434176 c:\windows\ie8\vbscript.dll
+ 2011-09-30 23:58 . 2011-06-21 18:18 633344 c:\windows\ie8\urlmon.dll
+ 2011-09-30 23:58 . 2009-01-07 22:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2011-09-30 23:58 . 2009-01-07 22:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2011-09-30 23:58 . 2011-06-21 18:18 532480 c:\windows\ie8\mstime.dll
+ 2011-09-30 23:58 . 2008-04-14 00:12 146432 c:\windows\ie8\msrating.dll
+ 2011-09-30 23:58 . 2004-08-04 10:00 146432 c:\windows\ie8\msls31.dll
+ 2011-09-30 23:58 . 2011-06-21 18:18 449536 c:\windows\ie8\mshtmled.dll
+ 2011-09-30 23:58 . 2011-03-04 06:45 512000 c:\windows\ie8\jscript.dll
+ 2011-09-30 23:58 . 2011-06-21 18:18 251904 c:\windows\ie8\iepeers.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 323584 c:\windows\ie8\iedkcs32.dll
+ 2011-09-30 23:58 . 2004-08-04 10:00 221184 c:\windows\ie8\ieakui.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 216576 c:\windows\ie8\ieaksie.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 143360 c:\windows\ie8\ieakeng.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 205312 c:\windows\ie8\dxtrans.dll
+ 2011-09-30 23:58 . 2008-04-14 00:11 357888 c:\windows\ie8\dxtmsft.dll
+ 2011-09-30 23:12 . 2011-09-30 23:12 278528 c:\windows\ERDNT\AutoBackup\9-30-2011\Users\00000002\UsrClass.dat
+ 2011-09-30 23:12 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-30-2011\ERDNT.EXE
+ 2011-09-30 00:00 . 2011-09-30 00:00 278528 c:\windows\ERDNT\AutoBackup\9-29-2011\Users\00000002\UsrClass.dat
+ 2011-09-30 00:00 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-29-2011\ERDNT.EXE
+ 2011-09-29 00:33 . 2011-09-29 00:33 278528 c:\windows\ERDNT\AutoBackup\9-28-2011\Users\00000002\UsrClass.dat
+ 2011-09-29 00:33 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-28-2011\ERDNT.EXE
+ 2011-09-27 18:05 . 2011-09-27 18:05 278528 c:\windows\ERDNT\AutoBackup\9-27-2011\Users\00000002\UsrClass.dat
+ 2011-09-27 18:05 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-27-2011\ERDNT.EXE
+ 2011-09-25 04:45 . 2011-09-25 04:45 278528 c:\windows\ERDNT\AutoBackup\9-25-2011\Users\00000002\UsrClass.dat
+ 2011-09-25 04:45 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-25-2011\ERDNT.EXE
+ 2011-09-24 16:26 . 2011-09-24 16:26 278528 c:\windows\ERDNT\AutoBackup\9-24-2011\Users\00000002\UsrClass.dat
+ 2011-09-24 16:26 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-24-2011\ERDNT.EXE
+ 2011-09-24 02:39 . 2011-09-24 02:39 278528 c:\windows\ERDNT\AutoBackup\9-23-2011\Users\00000002\UsrClass.dat
+ 2011-09-24 02:39 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-23-2011\ERDNT.EXE
+ 2011-10-01 13:03 . 2011-10-01 13:03 278528 c:\windows\ERDNT\AutoBackup\10-1-2011\Users\00000002\UsrClass.dat
+ 2011-10-01 13:03 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\10-1-2011\ERDNT.EXE
+ 2004-08-10 17:51 . 2011-06-23 18:36 1212416 c:\windows\system32\urlmon.dll
+ 2004-08-10 17:51 . 2011-07-25 15:17 5969920 c:\windows\system32\mshtml.dll
+ 2009-03-08 08:32 . 2011-06-23 18:36 1991680 c:\windows\system32\iertutil.dll
+ 2009-02-07 01:07 . 2009-02-07 01:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2008-06-26 08:15 . 2011-06-23 18:36 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-21 06:44 . 2011-07-25 15:17 5969920 c:\windows\system32\dllcache\mshtml.dll
+ 2011-10-01 00:00 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2011-10-01 00:00 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2011-10-01 00:00 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2559049-IE8\urlmon.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
+ 2011-10-01 00:00 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2559049-IE8\iertutil.dll
+ 2011-09-30 23:58 . 2011-06-27 14:43 3084800 c:\windows\ie8\mshtml.dll
+ 2011-09-30 23:12 . 2011-09-30 23:12 3170304 c:\windows\ERDNT\AutoBackup\9-30-2011\Users\00000001\ntuser.dat
+ 2011-09-30 00:00 . 2011-09-30 00:00 3162112 c:\windows\ERDNT\AutoBackup\9-29-2011\Users\00000001\ntuser.dat
+ 2011-09-29 00:33 . 2011-09-29 00:33 3170304 c:\windows\ERDNT\AutoBackup\9-28-2011\Users\00000001\ntuser.dat
+ 2011-09-27 18:05 . 2011-09-27 18:05 3170304 c:\windows\ERDNT\AutoBackup\9-27-2011\Users\00000001\ntuser.dat
+ 2011-09-25 04:45 . 2011-09-25 04:45 3170304 c:\windows\ERDNT\AutoBackup\9-25-2011\Users\00000001\ntuser.dat
+ 2011-09-24 16:26 . 2011-09-24 16:26 3162112 c:\windows\ERDNT\AutoBackup\9-24-2011\Users\00000001\ntuser.dat
+ 2011-09-24 02:39 . 2011-09-24 02:39 3162112 c:\windows\ERDNT\AutoBackup\9-23-2011\Users\00000001\ntuser.dat
+ 2011-10-01 13:03 . 2011-10-01 13:03 3350528 c:\windows\ERDNT\AutoBackup\10-1-2011\Users\00000001\ntuser.dat
+ 2009-03-20 00:59 . 2011-09-28 16:35 47369160 c:\windows\system32\MRT.exe
+ 2009-03-08 08:39 . 2011-06-23 18:36 11081728 c:\windows\system32\ieframe.dll
+ 2011-10-01 00:00 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2011-10-01 00:01 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2559049-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 14:15 2532680 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-30 4611456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-09-12 2076512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
c:\documents and settings\Kiddies\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Greg\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-13 24576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-25 14:30 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell Photo AIO Printer 926\\dlcxmon.exe"=
"c:\\Program Files\\Linksys\\WUSB54GSC\\WUSB54GSC.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4/3/2008 8:06 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2008 8:06 PM 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2008 8:06 PM 243152]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [6/25/2010 10:30 AM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/25/2010 10:30 AM 308136]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 WUSB54GSC;WUSB54GSC;c:\program files\Linksys\WUSB54GSC\WLService.exe [11/26/2008 1:19 PM 53307]
S2 gupdate1c99b7fb460f64;Google Update Service (gupdate1c99b7fb460f64);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2009 5:37 PM 133104]
S3 atidgllk;atidgllk;c:\dell\drivers\R169419\atidgllk.sys [4/2/2008 7:47 PM 12048]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [10/26/2010 5:57 PM 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2009 5:37 PM 133104]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [9/30/2011 7:31 PM 27064]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 21:37]
.
2011-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 21:37]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DATAMNGR - c:\progra~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
AddRemove-iMesh MediaBar - c:\program files\iMesh Applications\MediaBar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-01 11:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-10-01 11:37:09
ComboFix-quarantined-files.txt 2011-10-01 15:36
ComboFix2.txt 2011-09-21 18:39
ComboFix3.txt 2011-09-06 01:49
ComboFix4.txt 2011-09-05 02:41
ComboFix5.txt 2011-10-01 14:47
.
Pre-Run: 472,406,814,720 bytes free
Post-Run: 472,801,579,008 bytes free
.
- - End Of File - - BA35FF33FAFF2BB2FD1C1C7FE295D46C
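A small triage helper, added here as an example and not part of the thread, of ComboFix or of any tool the posters used. It reads the two sections of a ComboFix log that matter most when a rootkit or an unwanted autostart is suspected: the "Files Created" window (new kernel drivers) and the Run keys under "Reg Loading Points" (autostart values). The log layout is inferred from the log posted above; the sample input is constructed from lines of that log plus one invented "Updater" value, and the review heuristics (bare names, 8.3 short paths, DLL values, user-writable locations) are assumptions of this example, not anything ComboFix itself reports.

```python
"""Triage helper for the ComboFix log layout seen above (added example, not ComboFix code).
The log format is inferred from the posted log; the review heuristics are this example's own."""
import re
from datetime import datetime

# Constructed sample in the ComboFix layout, taken from lines of the log above.
# The "Updater" value is invented for illustration and is NOT in the thread's log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-09-01 to 2011-10-01 )))))))))))))))))))))))))))))))
.
2011-09-30 23:31 . 2009-12-30 15:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-09-21 17:38 . 2011-09-21 18:39 -------- d-----w- C:\COMBO-FIX4520C
2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-09-12 2076512]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"Updater"="c:\documents and settings\Greg\Local Settings\Temp\updater.exe" [2011-09-29 51200]
"""

SECTION_RE = re.compile(r"^\(+ (.+?) \)+$")
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
                     r"(\d+|-+) ([a-z-]{8}) (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*"([^"]*)"(?: \[(\d{4}-\d{2}-\d{2}) (\d+)\])?$')
TS = "%Y-%m-%d %H:%M"
# Locations an autostart on this XP box is expected to live in (assumption of this example).
TRUSTED_PREFIXES = ("c:\\program files", "c:\\progra~1", "c:\\windows")


def parse_created_files(text):
    """Entries of the 'Files Created' section: created/modified times, size, attrs, path."""
    out, section = [], ""
    for line in text.splitlines():
        line = line.strip()
        sm = SECTION_RE.match(line)
        if sm:
            section = sm.group(1)
            continue
        m = FILE_RE.match(line) if section.startswith("Files Created") else None
        if m:
            created, modified, size, attrs, path = m.groups()
            out.append({"created": datetime.strptime(created, TS),
                        "modified": datetime.strptime(modified, TS),
                        "size": int(size) if size.isdigit() else None,  # "--------" = directory
                        "is_dir": attrs.startswith("d"), "attrs": attrs, "path": path})
    return out


def parse_reg_values(text):
    """Every "name"="value" [date size] line, tagged with the registry key it sits under."""
    out, key = [], None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm and key:
            name, value, date, size = vm.groups()
            out.append({"key": key, "name": name, "value": value,
                        "date": date, "size": int(size) if size else None})
    return out


def review_reasons(value):
    """Heuristic reasons an autostart value deserves a second look; not a verdict."""
    v = value.lower()
    reasons = []
    if "\\" not in v:
        reasons.append("no_directory")  # bare name resolves through the PATH search order
    elif not v.startswith(TRUSTED_PREFIXES):
        reasons.append("user_writable_location")  # profile/temp: no admin rights needed to write
    if "~" in v:
        reasons.append("short_name")  # 8.3 alias hides the real folder name; expand it
    if v.endswith(".dll"):
        reasons.append("dll_value")  # ComboFix shows the DLL; the real value runs it via rundll32
    return reasons


def flag_autostarts(values):
    """Run-key value names mapped to their review reasons (values with none are omitted)."""
    flagged = {}
    for v in values:
        if v["key"].lower().endswith("\\run"):
            reasons = review_reasons(v["value"])
            if reasons:
                flagged[v["name"]] = reasons
    return flagged


def recent_drivers(files, since_iso):
    """Kernel drivers (.sys) created on/after the ISO date; new drivers are what a rootkit check cares about."""
    since = datetime.fromisoformat(since_iso)
    return [f["path"] for f in files
            if not f["is_dir"] and f["path"].lower().endswith(".sys") and f["created"] >= since]


if __name__ == "__main__":
    files = parse_created_files(SAMPLE_LOG)
    print("new drivers:", recent_drivers(files, "2011-09-01"))
    for name, why in flag_autostarts(parse_reg_values(SAMPLE_LOG)).items():
        print(f"review {name}: {', '.join(why)}")
```

Run against the full log above, it would single out revoflt.sys (the Revo Uninstaller driver installed the day before) as the only new driver, and list Run values to verify by hand rather than declare anything malicious; the flagged RTHDCPL and AVG9_TRAY entries in the sample are the legitimate Realtek and AVG autostarts, which is exactly why the output is a review list and not a verdict.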
-
Nothing really earth-shattering removed, and the rest of the log looks fine. Let's try installing the new version of Firefox and see how it goes:
http://firefox7.org/
Have the ads through your speakers stopped?
-
Hi Ken,
I reinstalled Firefox, but I'm afraid my computer is running very slowly, the audio pop-ups still persist, and AVG keeps blocking something called "Blackhole Exploit Kit (type 2055)". The computer also keeps making a noise similar to when you close a window or turn the machine off. I realize the log indicated little in the way of problems... there are more now than before. Don't know what to do next.
Thanks, Greg
-
Hello Greg,
Read this
http://community.websense.com/blogs/...ploit-kit.aspx
I think it would be in your best interest to back up all your data, documents and photos and do a format and reinstall of Windows. If you need help with this, let me know.