onepiolin
asked on
Search engine redirect?
One of my users has been having a weird issue. Any search request that you plug into google, yahoo, or msn, brings back crap. Like for example, a search for "microsoft" will bring up "Microsoft Download Center
Visit the Download Center to find the latest product updates from Microsoft in dozens of languages.
www.deal-land.com - 45k - Cached - Similar pages" and so on and so forth. The issue is not only with IE, but also with Firefox.
I've run Spybot, CA AV, Ad Aware, fixwareout, hijackthis with no solutions. Hijackthis shows no questionable entries, and I've put the log below. DNS is pointing to the right server, the hosts file is clean, no proxy is being used.
I don't know what else to look for.
Any help is appreciated.
>>>
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:17 AM, on 1/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDev
C:\Program Files\Bonjour\mDNSResponde
C:\WINDOWS\system32\cisvc.
C:\Program Files\Google\Common\Google
C:\Program Files\CA\SharedComponents\
C:\Program Files\CA\eTrustITM\InoRpc.
C:\Program Files\CA\eTrustITM\InoRT.e
C:\Program Files\CA\eTrustITM\InoTask
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc3
c:\program files\timberline office\shared\sage.service
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\cidaem
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin
C:\WINDOWS\System32\DLA\DL
C:\Program Files\PFU\ScanSnap\PfuSsSc
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\CA\eTrustITM\realmon
C:\WINDOWS\system32\RUNDLL
C:\Program Files\iTunes\iTunesHelper.
C:\Program Files\Yahoo!\Messenger\Yah
C:\WINDOWS\system32\ctfmon
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PVSW\Bin\w3dbsmgr.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\iPod\bin\iPodService
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EX
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Program Files\Timberline Office\Accounting\TS.exe
C:\Program Files\Timberline Office\Accounting\tstasks.
C:\Program Files\Timberline Office\Accounting\IA.exe
C:\Program Files\PFU\ScanSnap\Driver\
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuaucl
C:\WINDOWS\system32\taskmg
C:\Program Files\Trend Micro\HijackThis\HijackThi
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-B
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-6
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-6
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtr
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DL
O4 - HKLM\..\Run: [PfuSsSct.exe] C:\Program Files\PFU\ScanSnap\PfuSsSc
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTr
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.
O4 - HKLM\..\Run: [4-Day Forecast] "C:\Program Files\4-Day Forecast\4-Day Forecast\4-Day Forecast.exe" /Startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\Yah
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
O4 - Global Startup: ScanSnap Manager.lnk = C:\Program Files\PFU\ScanSnap\Driver\
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-8
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-2
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {DA758BB1-5F89-4465-975F-8
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\Software\..\Telephony
O17 - HKLM\System\CS1\Services\T
O17 - HKLM\System\CS2\Services\T
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDev
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponde
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_Help
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.e
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NC
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc3
O23 - Service: Sage Service Host v1.0 (Sage.ServiceHost.Host.1.0
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4
--
End of file - 11606 bytes
Visit the Download Center to find the latest product updates from Microsoft in dozens of languages.
www.deal-land.com - 45k - Cached - Similar pages" and so on and so forth. The issue is not only with IE, but also with Firefox.
I've run Spybot, CA AV, Ad Aware, fixwareout, hijackthis with no solutions. Hijackthis shows no questionable entries, and I've put the log below. DNS is pointing to the right server, the hosts file is clean, no proxy is being used.
I don't know what else to look for.
Any help is appreciated.
>>>
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:17 AM, on 1/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDev
C:\Program Files\Bonjour\mDNSResponde
C:\WINDOWS\system32\cisvc.
C:\Program Files\Google\Common\Google
C:\Program Files\CA\SharedComponents\
C:\Program Files\CA\eTrustITM\InoRpc.
C:\Program Files\CA\eTrustITM\InoRT.e
C:\Program Files\CA\eTrustITM\InoTask
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc3
c:\program files\timberline office\shared\sage.service
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\cidaem
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin
C:\WINDOWS\System32\DLA\DL
C:\Program Files\PFU\ScanSnap\PfuSsSc
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\CA\eTrustITM\realmon
C:\WINDOWS\system32\RUNDLL
C:\Program Files\iTunes\iTunesHelper.
C:\Program Files\Yahoo!\Messenger\Yah
C:\WINDOWS\system32\ctfmon
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PVSW\Bin\w3dbsmgr.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\iPod\bin\iPodService
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EX
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Program Files\Timberline Office\Accounting\TS.exe
C:\Program Files\Timberline Office\Accounting\tstasks.
C:\Program Files\Timberline Office\Accounting\IA.exe
C:\Program Files\PFU\ScanSnap\Driver\
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuaucl
C:\WINDOWS\system32\taskmg
C:\Program Files\Trend Micro\HijackThis\HijackThi
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-B
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-6
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-6
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtr
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DL
O4 - HKLM\..\Run: [PfuSsSct.exe] C:\Program Files\PFU\ScanSnap\PfuSsSc
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTr
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.
O4 - HKLM\..\Run: [4-Day Forecast] "C:\Program Files\4-Day Forecast\4-Day Forecast\4-Day Forecast.exe" /Startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\Yah
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
O4 - Global Startup: ScanSnap Manager.lnk = C:\Program Files\PFU\ScanSnap\Driver\
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClien
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-0
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-8
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-2
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O16 - DPF: {DA758BB1-5F89-4465-975F-8
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\Software\..\Telephony
O17 - HKLM\System\CS1\Services\T
O17 - HKLM\System\CS2\Services\T
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDev
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponde
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_Help
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.e
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NC
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc3
O23 - Service: Sage Service Host v1.0 (Sage.ServiceHost.Host.1.0
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4
--
End of file - 11606 bytes
Fixwareout might work, but the link above is bad. Try downloading it from here:
http://files.filefront.com/Fixwareoutexe/;9892936;/fileinfo.html
TK
http://files.filefront.com/Fixwareoutexe/;9892936;/fileinfo.html
TK
ASKER
I ran fixwareout before I posted.
No luck.
No luck.
onepiolin, Mailwarebytes antimailware program should fix the problem.
ASKER
No luck with malwarebyte's program either.
Below is the log. I have also attached a screen cap.
Oh, and I did a System Restore to last week, when it was supposedly working right. no luck with that either.
>>>
Malwarebytes' Anti-Malware 1.33
Database version: 1702
Windows 5.1.2600 Service Pack 3
1/28/2009 9:45:38 PM
mbam-log-2009-01-28 (21-45-38).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 155762
Time elapsed: 59 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
<<<
ScreenCap.JPG
Below is the log. I have also attached a screen cap.
Oh, and I did a System Restore to last week, when it was supposedly working right. no luck with that either.
>>>
Malwarebytes' Anti-Malware 1.33
Database version: 1702
Windows 5.1.2600 Service Pack 3
1/28/2009 9:45:38 PM
mbam-log-2009-01-28 (21-45-38).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 155762
Time elapsed: 59 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
<<<
ScreenCap.JPG
Have you tried ComboFix?
Instructions:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Download:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
TK
Instructions:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Download:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
TK
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
You are a *GENIUS*!
Thank you so much.
The bad file wad the wdmaud.sys. In the registry key:
HKLM\software\microsoft\wi
it was entered in the "aux2" spot.
Thank you so much.
The bad file wad the wdmaud.sys. In the registry key:
HKLM\software\microsoft\wi
it was entered in the "aux2" spot.
Yes, it also changes the value of "aux" to wdmaud.sys instead of the default "wdmaud.drv", and in your case it changes the value of "aux2" to "wdmaud.sys".If you lose audio just change the value to "wdmaud.drv"
Thanks for points and the grade!
Thanks for points and the grade!
ASKER
you're welcome.
I wonder why any of the malware software doesn't pick it up...?
... and why a system restore didn't work either? I thought it was supposed to revert the registry to an older date.
I wonder why any of the malware software doesn't pick it up...?
... and why a system restore didn't work either? I thought it was supposed to revert the registry to an older date.
You may have a Wareout infection. Run FixWareout
http://downloads.subratam.org/Fixwareout.exe
If no joy, run Mailwarebytes
http://www.malwarebytes.org/
Hope this helps!
war1