Google search results redirect to other sites Google search results redirect to other sites
Hello,Malwarebytes
I have to attach GMER log in a txt file since I keep getting errors when I try to post it directly. ************************************************** *******
**********************************************========== Processes (SafeList) ========== ========== Modules (SafeList) ========== ========== Win32 Services (SafeList) ========== ========== Driver Services (SafeList) ========== ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== Google Toolbar Google Toolbar Google Google Google Toolbar https://activatemyfios.verizon.net/s...0Installer.cab (Support.com Configuration Class)http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)http://ari08.myphotoalbum.com/MyPhot...syUploader.cab (MyPhotoAlbum Upload Tool Combo Control)http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)http://download.mcafee.com/molbin/sh...0/mcinsctl.cab (Reg Error: Key error.)http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)http://www.photofinale.com/ImageUplo...eUploader4.cab (Reg Error: Key error.)http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab (Reg Error: Key error.)http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_01)http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_02)http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_05)http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)http://fpdownload.macromedia.com/pub...sh/swflash.cab (Shockwave Flash Object)http://ari08.myphotoalbum.com/ImageUploader4.cab (MyPhotoAlbum Easy Upload Tool Combo Control)http://www.imagestation.com/common/c...b?ver=2,0,0,54 (Pixami Print Layout Control)http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)http://www.imagestation.com/common/c...cab?v=1,0,0,37 (AxRUploadControl Object)www )========== Files/Folders - Created Within 90 Days ========== ========== Files - Modified Within 90 Days ========== ========== Files Created - No Company Name ========== ========== LOP Check ========== ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > < %systemroot%\Fonts\*.com > < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > < %systemroot%\Fonts\*.ini2 > < %systemroot%\Fonts\*.exe > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.jpg > < %systemroot%\*.png > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\System32\config\*.sav > < %PROGRAMFILES%\bak. /s > < %systemroot%\system32\bak. /s > < %ALLUSERSPROFILE%\Start Menu\*.lnk /x > < %systemroot%\system32\config\systemprofile\*.dat /x > < %systemroot%\*.config > < %systemroot%\system32\*.db > < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x > < %USERPROFILE%\Desktop\*.exe > < %PROGRAMFILES%\Common Files\*.* > < %systemroot%\*.src > < %systemroot%\install\*.* > < %systemroot%\system32\DLL\*.* > < %systemroot%\system32\HelpFiles\*.* > < %systemroot%\system32\rundll\*.* > < %systemroot%\winn32\*.* > < %systemroot%\Java\*.* > < %systemroot%\system32\test\*.* > < %systemroot%\system32\Rundll32\*.* > < %systemroot%\AppPatch\Custom\*.* > < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x > < %PROGRAMFILES%\PC-Doctor\Downloads\*.* > < %PROGRAMFILES%\Internet Explorer\*.tmp > < %PROGRAMFILES%\Internet Explorer\*.dat > < %USERPROFILE%\My Documents\*.exe > < %USERPROFILE%\*.exe > < %systemroot%\ADDINS\*.* > < %systemroot%\assembly\*.bak2 > < %systemroot%\Config\*.* > < %systemroot%\REPAIR\*.bak2 > < %systemroot%\SECURITY\Database\*.sdb /x > < %systemroot%\SYSTEM\*.bak2 > < %systemroot%\Web\*.bak2 > < %systemroot%\Driver Cache\*.* > < %PROGRAMFILES%\Mozilla Firefox\0*.exe > < %ProgramFiles%\Microsoft Common\*.* > < %ProgramFiles%\TinyProxy. > < %USERPROFILE%\Favorites\*.url /x > < %systemroot%\system32\*.bk > < %systemroot%\*.te > < %systemroot%\system32\system32\*.* > < %ALLUSERSPROFILE%\*.dat /x > < %systemroot%\system32\drivers\*.rmv > < dir /b "%systemroot%\system32\*.exe" | find /i " " /c > < dir /b "%systemroot%\*.exe" | find /i " " /c > < %PROGRAMFILES%\Microsoft\*.* > < %systemroot%\System32\Wbem\proquota.exe > < %PROGRAMFILES%\Mozilla Firefox\*.dat > < %USERPROFILE%\Cookies\*.txt /x > < %SystemRoot%\system32\fonts\*.* > < %systemroot%\system32\winlog\*.* > < %systemroot%\system32\Language\*.* > < %systemroot%\system32\Settings\*.* > < %systemroot%\system32\*.quo > < %SYSTEMROOT%\AppPatch\*.exe > < %SYSTEMROOT%\inf\*.exe > < %SYSTEMROOT%\Installer\*.exe > < %systemroot%\system32\config\*.bak2 > < %systemroot%\system32\Computers\*.* > < %SystemRoot%\system32\Sound\*.* > < %SystemRoot%\system32\SpecialImg\*.* > < %SystemRoot%\system32\code\*.* > < %SystemRoot%\system32\draft\*.* > < %SystemRoot%\system32\MSSSys\*.* > < %ProgramFiles%\Javascript\*.* > < %systemroot%\pchealth\helpctr\System\*.exe /s > < %systemroot%\Web\*.exe > < %systemroot%\system32\msn\*.* > < %systemroot%\system32\*.tro > < %AppData%\Microsoft\Installer\msupdates\*.* > < %ProgramFiles%\Messenger\*.* > < %systemroot%\system32\systhem32\*.* > < %systemroot%\system\*.exe > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Files - Unicode (All) ==========
********************************========== Extra Registry (SafeList) ========== ========== File Associations ========== ========== Shell Spawning ========== ========== Security Center Settings ========== ========== System Restore Settings ========== ========== Firewall Settings ========== ========== Authorized Applications List ========== eMule-Project.net - Official eMule Homepage. Downloads, Help, Docu, News... )========== HKEY_LOCAL_MACHINE Uninstall List ========== ========== HKEY_CURRENT_USER Uninstall List ========== ========== Last 10 Event Log Errors ==========
Welcome aboard GMER - Rootkit Detector and Remover
Please download ComboFix from Here Here **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop** Please, never rename Combofix unless instructed. Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Very Important! disable your anti-virus , script blocking and any anti-malware real-time protection before "unpredictable results" .Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. NOTE1. Recovery Console NOTE 2. always do so .Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it startsPlease do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. If there is no internet connection after running Combofix, then restart your computer to restore back your connection. Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall** Make sure, you re-enable your security programs, when you're done with Combofix. DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Before I run Combofix I wanted to ask something. It appears that the problem is already resolved. The Google search results do not redirect to other sites any more. Should I still Combofix? The PC appears to run okay as it is.
OK, cleaning process, once started, has to be finished.
Here's the Combofix log in an attached .txt file.
Newbie
52 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
42 | 000,009,728 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
