Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site

Go Back   Windows BBS > Security > Malware and Virus Removal
Reload this Page

[Active] IE redirecting URLs

Register FAQDonate Mark Forums Read

Malware and Virus Removal Problems removing malware/viruses? Get help from our Malware removal experts.

Register your FREE account to unlock additional features at WindowsBBS.com
Register
Welcome to WindowsBBS.com
Microsoft Windows Support

Mission Statement

WindowsBBS is an online community dedicated to easily accessible technical support for those using Microsoft operating systems and other Windows software.

Our goal is to become the leading resource for computer users that require assistance with their day-to-day computer usage, including full support for networking PC's, virus & malware removal, system upgrades and general support questions.

Discussion Forums
Operating Systems
Windows 7 Windows 7
Windows Vista Windows Vista
Windows XP Windows XP
Windows Server System Windows Server System
Windows 2000 Windows 2000
Windows 95/98/Me/NT Windows 95/98/Me/NT
Internet & Networking
Networking
Internet Explorer
Microsoft Mail
Firefox, Thunderbird
      & SeaMonkey
General Internet
Security
General Security
Malware and Virus
     Removal
Other
Other Software
Hardware
Test Posts
Community
Introductions
General Discussions
Comments
      & Suggestions
News @ WindowsBBS

Forum Sponsor
Image

Reply
 
LinkBack Thread Tools
Old 31st July 2009   #1
Member
 
Profile:
Join Date: Jun 2008
Posts: 10
Computer Experience:
Beginner
IANV Reputation Level
[Active] IE redirecting URLs
I was advised by Broni to come here with the issue I posted in the Internet Explorer forum as "InternetExplorer redials wrong URL", and to attach results of tests with the DDS tool. Those two files are copied below.

Since my posts in the other forum, I have been able to work around my original problem - having uninstalled the very tedious IE8, I find that IE7 does not have the problem of changing the URLs of some of the pages I try to navigate between on my family history site. (That site's support team had said that other IE8 users had found no problems - so initially I did not bother returning to IE7.)

If my problem is specific to IE8, a malware problem seems unlikely? But here are the logs anyway.

Thanks,
IANV
-------------
1) DDS.TXT:

DDS (Ver_09-06-26.01) - NTFSx86
Run by IANV0708 at 13:06:20.18 on 31/07/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2046.911 [GMT 1:00]

AV: BullGuard Antivirus *On-access scanning enabled* (Updated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: BullGuard Antispyware *enabled* (Updated) {72CDBC85-9052-4B41-961E-B919FFE571AA}
FW: BullGuard Firewall *disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\Windows\System32\svchost.exe -k BullGuard
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\program files\bullguard ltd\bullguard\BullGuard.exe
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
C:\Windows\Explorer.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\IANV0708\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://uk.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
uRun: [WindowsWelcomeCenter] "c:\windows\system32\rundll32.exe" oobefldr.dll,ShowWelcomeCenter
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
mRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\bullguard.exe" -boot
mRun: [btbb_wcm_McciTrayApp] "c:\program files\bt broadband desktop help\btbb_wcm\McciTrayApp.exe"
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [RtHDVCpl] "c:\windows\RtHDVCpl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CanonSolutionMenu] "c:\program files\canon\solutionmenu\CNSLMAIN.exe" /logon
mRun: [CanonMyPrinter] "c:\program files\canon\myprinter\BJMyPrt.exe" /logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] "c:\program files\lavasoft\ad-aware\AAWTray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
StartupFolder: c:\users\ianv0708\appdata\roaming\micros~1\windows\startm~1\programs\startu p\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\lumixs~1.lnk - c:\program files\panasonic\lumixsimpleviewer\PhLeAutoRun.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\bglsp.dll
Trusted Zone: bt.com\service.btbroadbandvoice
Trusted Zone: findmypast.com\www
Trusted Zone: kindredkonnections.com\www
Trusted Zone: motive.com\pbttbc.bt
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://tky09.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-27 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R1 afw;Agnitum Firewall Driver;c:\windows\system32\drivers\Afw.sys [2007-11-28 29208]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [2008-7-10 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\system32\svchost.exe -k BullGuard [2008-7-18 21504]
R2 BsFire;BullGuard Firewall Service;c:\windows\system32\svchost.exe -k BullGuard [2008-7-18 21504]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\system32\svchost.exe -k BullGuard [2008-7-18 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
R3 AfwCore;Agnitum Firewall Core Driver;c:\windows\system32\drivers\AfwCore.sys [2008-11-14 305688]

=============== Created Last 30 ================

2009-07-27 15:53 <DIR> --d----- c:\windows\MultiResource Client
2009-07-27 15:53 <DIR> --d----- c:\program files\MultiResource Client
2009-07-25 09:44 <DIR> --d----- c:\programdata\McAfee
2009-07-15 11:27 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 11:27 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 11:27 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 11:27 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-07 11:11 <DIR> --d----- c:\users\ianv0708\appdata\roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CC D73DDBBD723A6DA9D.1
2009-07-07 11:11 <DIR> --d----- c:\program files\BBC iPlayer Desktop

==================== Find3M ====================

2009-06-08 11:48 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-27 17:39 86,016 a------- c:\windows\inf\infstrng.dat
2009-05-27 17:39 51,200 a------- c:\windows\inf\infpub.dat
2009-05-27 17:39 86,016 a------- c:\windows\inf\infstor.dat
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-13 15:39 1,563,008 a------- c:\windows\WRSetup.dll
2008-07-25 19:30 174 a--sh--- c:\program files\desktop.ini
2008-07-25 19:20 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:07:47.74 ===============
2) ATTACH.TXT:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/07/2008 00:42:00
System Uptime: 31/07/2009 02:21:30 (11 hours ago)

Motherboard: Foxconn | | 965X7AA
Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz | Socket 775 | 2400/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 292 GiB total, 213.166 GiB free.
D: is CDROM (UDF)
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&38065078&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&38065078&0
Service: i8042prt

==== System Restore Points ===================

RP474: 07/07/2009 15:22:40 - Windows Update
RP475: 08/07/2009 12:02:49 - Scheduled Checkpoint
RP476: 09/07/2009 00:27:25 - Scheduled Checkpoint
RP477: 10/07/2009 13:52:29 - Scheduled Checkpoint
RP478: 10/07/2009 20:32:04 - Windows Update
RP479: 13/07/2009 11:12:52 - Scheduled Checkpoint
RP480: 14/07/2009 15:42:33 - Scheduled Checkpoint
RP481: 15/07/2009 11:13:33 - Scheduled Checkpoint
RP482: 15/07/2009 11:49:17 - Windows Update
RP484: 16/07/2009 00:04:02 - Scheduled Checkpoint
RP486: 17/07/2009 02:34:12 - Scheduled Checkpoint
RP487: 18/07/2009 11:22:43 - Scheduled Checkpoint
RP488: 19/07/2009 17:28:44 - Scheduled Checkpoint
RP489: 20/07/2009 10:14:47 - Scheduled Checkpoint
RP490: 20/07/2009 10:26:07 - Windows Update
RP491: 21/07/2009 00:46:52 - Scheduled Checkpoint
RP492: 22/07/2009 10:21:29 - Scheduled Checkpoint
RP493: 22/07/2009 11:53:39 - Windows Update
RP494: 23/07/2009 16:51:55 - Scheduled Checkpoint
RP496: 24/07/2009 23:12:49 - Scheduled Checkpoint
RP497: 25/07/2009 09:46:10 - Installed Java(TM) 6 Update 14
RP498: 25/07/2009 09:56:11 - Removed Java(TM) 6 Update 3
RP499: 25/07/2009 09:58:03 - Removed Java(TM) 6 Update 7
RP500: 25/07/2009 11:21:31 - Windows Update
RP501: 26/07/2009 00:10:24 - Restore Operation
RP502: 26/07/2009 18:10:55 - Windows Update
RP503: 27/07/2009 15:25:43 - Restore Operation
RP504: 29/07/2009 04:35:55 - Scheduled Checkpoint
RP505: 30/07/2009 00:23:11 - Scheduled Checkpoint
RP506: 30/07/2009 13:04:56 - Windows Update
RP508: 30/07/2009 13:24:50 - Windows Modules Installer

==== Installed Programs ======================

Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.2
Apple Software Update
BBC iPlayer Desktop
BCL easyConverter SDK 1.0.0 Module
BT Broadband Desktop Help
BT Wireless Connection Manager
BullGuard 8.0
Canon MP Navigator EX 1.0
Canon MP610 series
Canon MP610 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner (remove only)
CD-LabelPrint
DriverGuide Toolkit
Family Tree Maker 2008
GENMatcher 1.08
GENViewer version 1.23
Google Earth
Google Updater
Hampshire Baptism Index
Hampshire Baptism Index 2
Hampshire Burial Index
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java(TM) 6 Update 14
Legacy 7.0
Legacy Charting 7.0
Lizardtech DjVu Control (autoinstall)
LUMIX Simple Viewer
Marvell Miniport Driver
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MultiResource Client 2.17.0 (Standard)
NVIDIA Drivers
PHOTOfunSTUDIO -viewer-
QuickTime
Realtek High Definition Audio Driver
ScanSoft OmniPage SE 4
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Serif AlbumPlus 4
Serif PhotoPlus 11
Skypad
Soft Voice SoftRing Modem with SmartSP
Spy Sweeper
Spy Sweeper Core
System Requirements Lab
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WinRAR archiver
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

24/07/2009 22:07:34, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user IANV0708-PC\IANV0708 SID (S-1-5-21-3484384270-2544271106-1312593353-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
24/07/2009 18:18:00, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.

==== End Of File ===========================
IANV is offline   Reply With Quote
Didn't find the information you thought to find?
Check out these Similar Threads
Old 1st August 2009   #2
Malware Analyst
 
broni's Avatar
 
Profile:
Join Date: Aug 2002
Location: Daly City, CA
Posts: 6,850
Computer Experience:
intermediate
broni Reputation Levelbroni Reputation Levelbroni Reputation Levelbroni Reputation Levelbroni Reputation Levelbroni Reputation Levelbroni Reputation Level

My System

Let'smake sure...

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.


Download HijackThis:
http://www.trendsecure.com/portal/en...kthis/download
by clicking on Download HijackThis Installer
Install, and run it.
Post HijackTHis log.
Do NOT attempt to fix anything!

NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
broni is online now   Reply With Quote



Reply

« [Resolved] XP Acting Strange - Requested DDS #1 Info 07-24-09 | [Active] Computer doesn't boot right/at all... »
Thread Tools


Similar Threads
Thread Thread Starter Forum Replies Last Post
[Active] Google Redirecting, Windows Updater and System Restore Disabled Ziniath Malware and Virus Removal 5 16th July 2009 16:18
[Active] Google Redirecting crazyguymgd Malware and Virus Removal 16 27th May 2009 23:08
[Active] Google Redirecting Search Results kendallion Malware and Virus Removal 5 25th March 2009 05:30
[Active] google redirecting, websites blocked, warnings from windows greyfox878 Malware and Virus Removal 11 23rd January 2009 02:52
[Active] virus affecting IE by redirecting searches,blocking tools coopsey Malware and Virus Removal 11 18th December 2008 05:26


All times are GMT +1. The time now is 02:25.




Advertise - Contact Us - Windows BBS - Archive - Privacy Statement - Top

Advertisements do not imply our endorsement of the product or service advertised.
Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.3.2
Copyright © 2002 - 2009 WindowsBBS.com. All rights reserved.
Terms of Use, Legal Information & Privacy Policy
[]

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32