
Author Topic: Browser Redirect problem  (Read 4791 times)


danldo

    Topic Starter


    Beginner

    Browser Redirect problem
    « on: July 31, 2010, 03:27:00 AM »
    I seem to have a browser redirect. I had some problems with Anti Spyware 2010 and I ran Malwarebytes and that seemed to get rid of it. I ran ESET scan and it says it is clean, but now when I search in google or yahoo and then click on a link it takes me to another page. My computer is an older Dell running XP SP3. Below is my Hijackthis log.
    Any help please.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:27:35, on 7/30/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17055)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\CreataCard\Plus\FMRemind.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgfws9.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Plus\FMRemind.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: PHOTOfunSTUDIO.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207436382727
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207436362691
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    --
    End of file - 10659 bytes

    KornmonGrim



      Rookie

      Thanked: 5
      Re: Browser Redirect problem
      « Reply #1 on: July 31, 2010, 06:55:35 PM »

      Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help.
      « Last Edit: July 31, 2010, 07:16:18 PM by SuperDave »
      KornmonGrim helping people with their computer needs for free.

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Experience: Expert
      • OS: Windows 10
      Re: Browser Redirect problem
      « Reply #2 on: July 31, 2010, 07:28:30 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your logs.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

      Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

      Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

      Exit out of MessengerDisable then delete the two files that were put on the desktop.

      ===================================

      Open HijackThis and select Do a system scan only

      Place a check mark next to the following entries: (if there)

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

      Important: Close all open windows except for HijackThis and then click Fix checked.

      Once completed, exit HijackThis.

      ===================================

      SUPERAntiSpyware

      If you already have SUPERAntiSpyware be sure to check for updates before scanning!


      Download SuperAntispyware Free Edition (SAS)
      * Double-click the icon on your desktop to run the installer.
      * When asked to Update the program definitions, click Yes.
      * If you encounter any problems while downloading the updates, manually download and unzip them from here.
      * Next click the Preferences button.
      * Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts.
      * Click the Scanning Control tab.
      * Under Scanner Options make sure only the following are checked:
          • Close browsers before scanning
          • Scan for tracking cookies
          • Terminate memory threats before quarantining
        Please leave the others unchecked.
      * Click the Close button to leave the control center screen.
      * On the main screen click Scan your computer.
      * On the left check the box for the drive you are scanning.
      * On the right choose Perform Complete Scan.
      * Click Next to start the scan. Please be patient while it scans your computer.
      * After the scan is complete a summary box will appear. Click OK.
      * Make sure everything in the white box has a check next to it, then click Next.
      * It will quarantine what it found and if it asks if you want to reboot, click Yes.

      To retrieve the removal information please do the following:
      * After reboot, double-click the SUPERAntiSpyware icon on your desktop.
      * Click Preferences. Click the Statistics/Logs tab.
      * Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      * It will open in your default text editor (preferably Notepad).
      * Save the notepad file to your desktop by clicking (in notepad) File > Save As...
      * Save the log somewhere you can easily find it (normally the desktop).
      * Click close and close again to exit the program.
      * Copy and paste the log in your post.

      ==================================

      Download ComboFix by sUBs from one of the below links. 

      Important! You MUST save ComboFix to your desktop

      Link # 1
      Link # 2

      Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

      Double click on ComboFix.exe & follow the prompts.

      Vista users: right-click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt; please allow it).

      Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

      When the scan completes it will open a text window.
       
      Post the contents of that log in your next reply.

      Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.

      Windows 8 and Windows 10 dual boot with two SSD's

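The HijackThis "Fix checked" list in the reply above is built from a few recurring patterns: R0/R1 browser settings whose value is empty, an O2 BHO whose DLL is gone ("(no file)"), and O4/O9 autostart or IE-button entries for a program that is being removed. As an added example, not part of the original thread and not code from HijackThis or Computer Hope, the following Python script parses HijackThis-format lines and flags exactly those patterns so a helper can triage a log faster. The sample lines are copied from the log posted in this thread; the list of binaries to flag (msmsgs.exe and realsched.exe) is an assumption taken from the entries SuperDave selected and is meant to be edited per case.

```python
"""
Added triage helper (not from the thread or from HijackThis): parse
HijackThis-format log lines and flag the entry patterns that the fix
list above is built from.

Heuristics (each mirrors one kind of entry SuperDave checked):
  * R0/R1 lines whose value after "=" is empty     -> cleared/hijacked IE setting
  * O2 BHO lines ending in "(no file)"             -> orphaned BHO registration
  * O4/O9 lines naming a binary in TARGET_BINARIES -> autostart or IE button for
    a program being removed (Windows Messenger, RealPlayer's update scheduler)
Flagging is advisory: a person still reviews every hit before fixing it.
"""
import re

# Constructed sample: a few lines in the format of the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# Every HijackThis entry starts with a section code (R0, R1, O2, O4, ...)
# followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

# Binaries the reply above targets for removal. Assumed list, built from
# the entries SuperDave selected; edit it for the case at hand.
TARGET_BINARIES = ("msmsgs.exe", "realsched.exe")


def parse_entries(text):
    """Return (section, body) pairs for every entry line; skip other lines."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("section"), match.group("body").rstrip()))
    return entries


def classify(section, body):
    """Return a short reason if the entry matches a fix heuristic, else None."""
    if section in ("R0", "R1"):
        # Body is "<hive\key>,<value name> = <data>"; the first "=" is the
        # separator because registry paths contain none. Empty data means
        # the setting was blanked (typical after a hijack or a cleanup).
        _, sep, data = body.partition("=")
        if sep and not data.strip():
            return "empty browser setting"
        return None
    if section == "O2" and body.endswith("(no file)"):
        # The registry still points at a BHO whose DLL no longer exists.
        return "BHO with no backing file"
    if section in ("O4", "O9"):
        lowered = body.lower()
        for binary in TARGET_BINARIES:
            if binary in lowered:
                return f"references {binary}"
    return None


def flag_entries(text):
    """Return (section, body, reason) for each entry that matched a heuristic."""
    flagged = []
    for section, body in parse_entries(text):
        reason = classify(section, body)
        if reason is not None:
            flagged.append((section, body, reason))
    return flagged


if __name__ == "__main__":
    for section, body, reason in flag_entries(SAMPLE_LOG):
        print(f"{section:<4} {reason:<26} {body}")
```

Run against the sample, the script flags the two blank R0 settings, the orphaned BHO, both Messenger entries and the RealPlayer scheduler, and leaves the Google Toolbar BHO, ctfmon.exe and the Java service alone, which matches the helper's selection above. The O23/O20 sections are deliberately not scored here: services and Winlogon notify DLLs need a file check or a reputation lookup rather than a string heuristic.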
      danldo

        Topic Starter


        Beginner

        Re: Browser Redirect problem
        « Reply #3 on: August 01, 2010, 05:21:06 PM »
        Here are my logs.

        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 08/01/2010 at 03:50 PM

        Application Version : 4.41.1000

        Core Rules Database Version : 5298
        Trace Rules Database Version: 3110

        Scan type       : Complete Scan
        Total Scan Time : 03:33:46

        Memory items scanned      : 544
        Memory threats detected   : 0
        Registry items scanned    : 6086
        Registry threats detected : 0
        File items scanned        : 99317
        File threats detected     : 23

        Adware.Tracking Cookie
           C:\Documents and Settings\Paul2\Cookies\paul2@questionmarket[2].txt
           C:\Documents and Settings\Paul2\Cookies\[email protected][1].txt
           C:\Documents and Settings\Paul2\Cookies\paul2@revsci[1].txt
           C:\Documents and Settings\Paul2\Cookies\[email protected][2].txt
           C:\Documents and Settings\Paul2\Cookies\paul2@zedo[2].txt
           C:\Documents and Settings\Paul2\Cookies\[email protected][1].txt
           C:\Documents and Settings\Paul2\Cookies\paul2@doubleclick[1].txt
           C:\Documents and Settings\Paul2\Cookies\paul2@atdmt[2].txt
           cdn4.specificclick.net [ C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia\Flash Player\#SharedObjects\XGVUNPZB ]
           media.scanscout.com [ C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia\Flash Player\#SharedObjects\XGVUNPZB ]
           objects.tremormedia.com [ C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia\Flash Player\#SharedObjects\XGVUNPZB ]
           secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Macromedia\Flash Player\#SharedObjects\XGVUNPZB ]
           C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\system@247realmedia[2].txt
           C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\system@adbrite[2].txt
           C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\[email protected][1].txt
           C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\system@advertise[2].txt
           C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\system@bizzclick[1].txt
           C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\[email protected][1].txt
           C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\[email protected][1].txt
           C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\[email protected][2].txt
           C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\system@questionmarket[1].txt
           C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\system@realmedia[2].txt
           C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\system@tribalfusion[2].txt


        ComboFix 10-07-31.04 - Paul2 08/01/2010  18:11:19.2.1 - x86
        Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1415 [GMT -5:00]
        Running from: c:\documents and settings\Paul2\Desktop\ComboFix.exe
        AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        ---- Previous Run -------
        .
        c:\windows\system32\tmp.reg

        .
        (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        -------\Legacy_NPF


        (((((((((((((((((((((((((   Files Created from 2010-07-01 to 2010-08-01  )))))))))))))))))))))))))))))))
        .

        2010-07-30 18:18 . 2010-07-30 18:18   578560   -c--a-w-   c:\windows\system32\dllcache\user32.dll
        2010-07-30 18:15 . 2010-07-30 18:15   --------   d-----w-   c:\windows\ERUNT
        2010-07-30 18:11 . 2010-07-30 19:47   --------   d-----w-   C:\SDFix
        2010-07-30 15:28 . 2010-08-01 17:13   63488   ----a-w-   c:\documents and settings\Paul2\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
        2010-07-30 15:28 . 2010-07-30 15:28   52224   ----a-w-   c:\documents and settings\Paul2\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
        2010-07-30 15:27 . 2010-08-01 17:13   117760   ----a-w-   c:\documents and settings\Paul2\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
        2010-07-30 15:27 . 2010-07-30 15:27   --------   d-----w-   c:\documents and settings\Paul2\Application Data\SUPERAntiSpyware.com
        2010-07-30 15:27 . 2010-07-30 15:27   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
        2010-07-29 21:53 . 2010-07-29 21:53   --------   d-----w-   c:\documents and settings\Paul2\Local Settings\Application Data\Temp
        2010-07-29 20:48 . 2010-07-29 20:48   --------   d-----w-   c:\program files\ESET
        2010-07-29 20:14 . 2008-04-13 18:39   14592   -c--a-w-   c:\windows\system32\dllcache\kbdhid.sys
        2010-07-29 20:14 . 2008-04-13 18:39   14592   ----a-w-   c:\windows\system32\drivers\kbdhid.sys
        2010-07-24 19:04 . 2010-07-24 19:04   --------   d-----w-   c:\program files\Apple Software Update
        2010-07-24 19:04 . 2010-07-24 19:04   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Apple
        2010-07-24 19:04 . 2010-07-24 19:04   --------   d-----w-   c:\documents and settings\Paul2\Local Settings\Application Data\Apple
        2010-07-23 21:00 . 2010-07-23 21:01   --------   d-----w-   c:\documents and settings\Paul2\Application Data\HpUpdate
        2010-07-23 15:56 . 2010-07-23 15:56   --------   d-----w-   c:\documents and settings\Paul2\Application Data\HP
        2010-07-23 00:59 . 2010-07-23 00:59   503808   ----a-w-   c:\documents and settings\Paul2\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-142772d9-n\msvcp71.dll
        2010-07-23 00:59 . 2010-07-23 00:59   499712   ----a-w-   c:\documents and settings\Paul2\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-142772d9-n\jmc.dll
        2010-07-23 00:59 . 2010-07-23 00:59   348160   ----a-w-   c:\documents and settings\Paul2\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-142772d9-n\msvcr71.dll
        2010-07-22 02:41 . 2010-07-22 02:41   342256   ----a-w-   c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
        2010-07-21 14:22 . 2010-07-21 14:22   921440   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avgemc.exe
        2010-07-21 14:22 . 2010-07-21 14:22   1615200   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avgssie.dll
        2010-07-21 14:22 . 2010-07-21 14:22   1107296   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avgxpl.dll
        2010-07-21 14:22 . 2010-07-21 14:22   4368224   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avgcorex.dll
        2010-07-18 06:38 . 2010-07-18 06:38   --------   d-----w-   c:\documents and settings\Paul2\Application Data\Sonic
        2010-07-18 00:20 . 2010-07-18 00:20   --------   d-----w-   c:\documents and settings\Paul2\Local Settings\Application Data\Apple Computer
        2010-07-16 22:58 . 2010-07-16 22:58   --------   d-----w-   c:\documents and settings\Paul2\Application Data\Malwarebytes
        2010-07-16 22:26 . 2010-07-20 18:43   --------   d-----w-   c:\documents and settings\Paul2\Application Data\Corel
        2010-07-16 21:52 . 2010-07-16 22:00   --------   d-----w-   c:\documents and settings\Paul2\Local Settings\Application Data\Identities
        2010-07-16 21:10 . 2010-07-16 21:10   --------   d-----w-   c:\documents and settings\Paul2\Application Data\Yahoo!
        2010-07-16 21:10 . 2010-07-16 21:31   --------   d-----w-   c:\documents and settings\Paul2\Application Data\HPAppData
        2010-07-16 21:10 . 2010-07-31 05:53   --------   d-----w-   c:\documents and settings\Paul2\Local Settings\Application Data\Google
        2010-07-16 21:09 . 2010-07-16 21:09   --------   d-----w-   c:\documents and settings\Paul2\Local Settings\Application Data\ArcSoft
        2010-07-16 21:09 . 2010-07-16 21:09   --------   d-----w-   c:\documents and settings\Paul2\Application Data\ArcSoft
        2010-07-16 21:07 . 2010-07-16 21:07   4093792   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avgui.exe
        2010-07-16 21:07 . 2010-07-16 21:07   3951968   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avguires.dll
        2010-07-16 21:07 . 2010-07-16 21:07   2448224   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avguiadv.dll
        2010-07-16 21:07 . 2010-07-16 21:07   2065760   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avgtray.exe
        2010-07-16 21:07 . 2010-07-16 21:07   1278304   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avgfrw.exe
        2010-07-16 21:07 . 2010-07-16 21:07   1247584   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avgabout.dll
        2010-07-16 21:03 . 2010-07-16 21:03   --------   d-----w-   c:\documents and settings\LaNora.SMITH\Application Data\Yahoo!
        2010-07-16 21:03 . 2010-07-16 21:05   --------   d-----w-   c:\documents and settings\LaNora.SMITH\Application Data\HPAppData
        2010-07-16 01:32 . 2010-07-16 01:32   --------   d-----w-   c:\documents and settings\Administrator.SMITH\Application Data\Malwarebytes
        2010-07-16 01:31 . 2010-07-29 22:01   --------   d-----w-   c:\documents and settings\Administrator.SMITH\Local Settings\Application Data\Microsoft
        2010-07-16 00:23 . 2010-07-16 20:50   --------   d-----w-   c:\documents and settings\Owner.SMITH\Local Settings\Application Data\eimpcmngt
        2010-07-15 14:50 . 2010-07-15 14:50   74760   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\UniversalDD.sys
        2010-07-15 14:50 . 2010-07-15 14:50   30216   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\AVGIDSFilter.sys
        2010-07-15 14:50 . 2010-07-15 14:50   26120   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\AVGIDSShim.sys
        2010-07-15 14:50 . 2010-07-15 14:50   25096   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\AVGIDSxx.sys
        2010-07-15 14:50 . 2010-07-15 14:50   242896   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avgtdix.sys
        2010-07-15 14:50 . 2010-07-15 14:50   122376   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\AVGIDSDriver.sys
        2010-07-15 14:50 . 2010-07-15 14:50   216200   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avgldx86.sys
        2010-07-15 14:49 . 2010-07-15 14:49   12536   ----a-w-   c:\windows\system32\avgrsstx.dll
        2010-07-15 14:46 . 2010-07-15 14:46   624920   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avgiproxy.exe
        2010-07-15 14:46 . 2010-07-15 14:46   1690464   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avgupd.dll
        2010-07-15 14:46 . 2010-07-15 14:46   1038688   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avgupd.exe
        2010-07-15 14:46 . 2010-07-15 14:46   813336   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\avg9\update\backup\avginet.dll
        2010-07-13 23:10 . 2010-06-14 14:31   744448   -c----w-   c:\windows\system32\dllcache\helpsvc.exe

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2010-07-30 22:27 . 2006-01-17 20:08   --------   d-----w-   c:\program files\Trend Micro
        2010-07-30 15:27 . 2008-01-24 21:36   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2010-07-16 21:08 . 2010-07-16 21:08   161680   ----a-w-   c:\documents and settings\Paul2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
        2010-07-16 20:39 . 2009-10-23 21:34   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2010-07-16 01:22 . 2009-02-10 20:04   --------   d-----w-   c:\documents and settings\Owner.SMITH\Application Data\HPAppData
        2010-07-15 14:49 . 2009-05-12 21:13   243024   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
        2010-07-15 14:49 . 2010-03-15 03:33   25168   ----a-w-   c:\windows\system32\drivers\AVGIDSxx.sys
        2010-07-15 14:48 . 2009-05-12 21:13   216400   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
        2010-07-06 23:24 . 2010-07-16 01:17   144354   ----a-w-   c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat
        2010-07-01 06:54 . 2010-03-31 06:49   439816   ----a-w-   c:\documents and settings\Owner.SMITH\Application Data\Real\Update\setup3.10\setup.exe
        2010-06-22 19:47 . 2010-06-22 19:47   501936   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Google\Google Toolbar\Update\gtbF23.tmp.exe
        2010-06-17 03:26 . 2010-06-17 03:26   503808   ----a-w-   c:\documents and settings\Owner.SMITH\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4c1be6d1-n\msvcp71.dll
        2010-06-17 03:26 . 2010-06-17 03:26   499712   ----a-w-   c:\documents and settings\Owner.SMITH\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4c1be6d1-n\jmc.dll
        2010-06-17 03:26 . 2010-06-17 03:26   348160   ----a-w-   c:\documents and settings\Owner.SMITH\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4c1be6d1-n\msvcr71.dll
        2010-06-14 14:31 . 2008-04-05 23:20   744448   ----a-w-   c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
        2010-06-08 23:35 . 2010-06-08 23:35   --------   d-----w-   c:\documents and settings\Owner.SMITH\Application Data\Uniblue
        2010-06-08 23:35 . 2010-06-08 23:35   --------   d-----w-   c:\program files\Uniblue
        2010-06-02 13:51 . 2009-05-12 21:13   29584   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
        2010-05-04 17:20 . 2006-06-23 16:33   832512   ----a-w-   c:\windows\system32\wininet.dll
        2010-05-04 17:20 . 2008-04-06 19:26   78336   ----a-w-   c:\windows\system32\ieencode.dll
        2010-05-04 17:20 . 2003-07-16 20:25   17408   ------w-   c:\windows\system32\corpol.dll
        .

        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
        2010-04-19 15:25   2117704   ----a-w-   c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
        "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

        [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-15 68856]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
        "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
        "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
        "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
        "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
        "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
        "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
        "ReminderApp"="c:\program files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe" [2006-11-02 156160]
        "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
        "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
        "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
        "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
        "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
        "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]

        c:\documents and settings\Owner.SMITH\Start Menu\Programs\Startup\
        Forget Me Not Reminders Tray Icon.lnk - c:\program files\CreataCard\Plus\FMRemind.exe [2009-2-14 189952]
        reminder-ScanSoft Product Registration.lnk - c:\program files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE [2008-4-7 45056]

        c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
        CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk - c:\program files\CreataCard\Plus\FMRemind.exe [2009-2-14 189952]
        HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
        PHOTOfunSTUDIO.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2009-10-21 44176]

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
        2010-07-15 14:49   12536   ----a-w-   c:\windows\SYSTEM32\avgrsstx.dll

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
        @="Service"

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
        "c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
        "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
        "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
        "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

        R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\SYSTEM32\DRIVERS\AVGIDSxx.sys [3/14/2010 10:33 PM 25168]
        R0 AvgRkx86;avgrkx86.sys;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [3/14/2010 10:33 PM 52872]
        R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [5/12/2009 4:13 PM 216400]
        R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [5/12/2009 4:13 PM 243024]
        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
        R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 9:48 AM 921952]
        R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:49 AM 308136]
        R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [7/15/2010 9:48 AM 2331032]
        R3 Avgfwdx;Avgfwdx;c:\windows\SYSTEM32\DRIVERS\avgfwdx.sys [3/14/2010 10:33 PM 30104]
        R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [3/14/2010 10:33 PM 122448]
        R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [3/14/2010 10:33 PM 30288]
        R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [3/14/2010 10:33 PM 26192]
        S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7/15/2010 9:49 AM 5897808]
        S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/26/2010 5:37 PM 135664]
        S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
        S3 Avgfwfd;AVG network filter service;c:\windows\SYSTEM32\DRIVERS\avgfwdx.sys [3/14/2010 10:33 PM 30104]
        S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [10/23/2009 4:34 PM 38224]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
        hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
        .
        Contents of the 'Scheduled Tasks' folder

        2010-07-24 c:\windows\Tasks\AppleSoftwareUpdate.job
        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

        2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 22:37]

        2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 22:37]
        .

        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2010-08-01 18:19
        Windows 5.1.2600 Service Pack 3 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'winlogon.exe'(900)
        c:\program files\SUPERAntiSpyware\SASWINLO.DLL
        c:\windows\system32\WININET.dll

        - - - - - - - > 'explorer.exe'(1592)
        c:\windows\system32\WININET.dll
        c:\windows\system32\ieframe.dll
        c:\windows\system32\WPDShServiceObj.dll
        c:\windows\system32\PortableDeviceTypes.dll
        c:\windows\system32\PortableDeviceApi.dll
        .
        Completion time: 2010-08-01  18:23:02
        ComboFix-quarantined-files.txt  2010-08-01 23:22

        Pre-Run: 2,345,451,520 bytes free
        Post-Run: 2,307,633,152 bytes free

        - - End Of File - - 1D2A55B4D931E8D9A91DD5A78ECDF2FD

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Browser Redirect problem
        « Reply #4 on: August 01, 2010, 05:42:39 PM »
        Download Security Check by screen317 from one of the following links and save it to your desktop.

        Link 1
        Link 2

        * Unzip SecurityCheck.zip and a folder named Security Check should appear.
        * Open the Security Check folder and double-click Security Check.bat
        * Follow the on-screen instructions inside of the black box.
        * A Notepad document should open automatically called checkup.txt
        * Post the contents of that document in your next reply.

        Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

        =================================

        * Download the following tool: RootRepeal - Rootkit Detector
        * Direct download link is here: RootRepeal.zip

        * Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
        * Click this link to see a list of such programs and how to disable them.

        * Extract the program file to a new folder such as C:\RootRepeal
        * Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
        * Select ALL of the checkboxes and then click OK and it will start scanning your system.
        * If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
        * When done, click on Save Report
        * Save it to the same location where you ran it from, such as C:\RootRepeal
        * Save it as rootrepeal.txt
        * Then open that log and select all and copy/paste it back on your next reply please.
        * Close RootRepeal.
        Windows 8 and Windows 10 dual boot with two SSD's

        danldo

          Topic Starter


          Beginner

          Re: Browser Redirect problem
          « Reply #5 on: August 01, 2010, 08:15:53 PM »
          Here is my security check log.
          I was not able to get RootRepeal to run. It came up with a box that said Initializing, please wait.
          I waited about 30 minutes and nothing else.

           Results of screen317's Security Check version 0.99.4 
           Windows XP Service Pack 3 
           Internet Explorer 7 Out of date!
          ``````````````````````````````
          Antivirus/Firewall Check:

           Windows Firewall Enabled! 
           AVG 9.0     
          ```````````````````````````````
          Anti-malware/Other Utilities Check:

           Malwarebytes' Anti-Malware   
           HijackThis 2.0.2   
           CCleaner (remove only)   
           Java(TM) 6 Update 17 
           Out of date Java installed!
           Adobe Flash Player 10.0.12.36 
          ````````````````````````````````
          Process Check: 
          objlist.exe by Laurent

           AVG avgwdsvc.exe
           AVG avgtray.exe
           AVG avgrsx.exe
           AVG avgnsx.exe
           AVG avgemc.exe
          ````````````````````````````````
          DNS Vulnerability Check:

           GREAT! (Not vulnerable to DNS cache poisoning)

          ``````````End of Log````````````

          danldo


            Re: Browser Redirect problem
            « Reply #6 on: August 02, 2010, 07:53:29 AM »
            It seems to be working fine now.
            I clicked on several links and they went to the proper page, but I don't want to assume too soon.

            SuperDave

            Re: Browser Redirect problem
            « Reply #7 on: August 02, 2010, 01:32:58 PM »
            Update Your Java (JRE)

            Old versions of Java have vulnerabilities that malware can use to infect your system.


            First Verify your Java Version

            If there are any other version(s) installed then update now.

            Get the new version (if needed)

            If your version is out of date install the newest version of the Sun Java Runtime Environment.

            Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

            Be sure to close ALL open web browsers before starting the installation.

            Remove any old versions

            1. Download JavaRa and unzip the file to your Desktop.
            2. Open JavaRA.exe and choose Remove Older Versions
            3. Once complete exit JavaRA.
            4. Run CCleaner.

            Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

            =============================

            SysProt Antirootkit

            Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

            http://sites.google.com/site/sysprotantirootkit/

            Unzip it into a folder on your desktop.
            • Double click Sysprot.exe to start the program.
            • Click on the Log tab.
            • In the Write to log box select the following items.
              • Process << Selected
              • Kernel Modules << Selected
              • SSDT << Selected
              • Kernel Hooks << Selected
              • IRP Hooks << NOT Selected
              • Ports << NOT Selected
              • Hidden Files << Selected
            • At the bottom of the page
              • Hidden Objects Only << Selected
            • Click on the Create Log button on the bottom right.
            • After a few seconds a new window should appear.
            • Select Scan Root Drive. Click on the Start button.
            • When it is complete a new window will appear to indicate that the scan is finished.
            • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

            danldo


              Re: Browser Redirect problem
              « Reply #8 on: August 02, 2010, 06:18:11 PM »
              Here is the log.
              SysProt AntiRootkit v1.0.1.0
              by swatkat

              ******************************************************************************************
              ******************************************************************************************

              No Hidden Processes found

              ******************************************************************************************
              ******************************************************************************************
              Kernel Modules:
              Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
              Service Name: ---
              Module Base: B09C4000
              Module End: B09DC000
              Hidden: Yes

              Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
              Service Name: ---
              Module Base: F79B9000
              Module End: F79BB000
              Hidden: Yes

              ******************************************************************************************
              ******************************************************************************************
              SSDT:
              Function Name: ZwOpenProcess
              Address: B0780670
              Driver Base: B077E000
              Driver End: B0788000
              Driver Name: \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys

              Function Name: ZwTerminateProcess
              Address: B0780720
              Driver Base: B077E000
              Driver End: B0788000
              Driver Name: \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys

              Function Name: ZwTerminateThread
              Address: B07807C0
              Driver Base: B077E000
              Driver End: B0788000
              Driver Name: \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys

              Function Name: ZwWriteVirtualMemory
              Address: B0780860
              Driver Base: B077E000
              Driver End: B0788000
              Driver Name: \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys

              ******************************************************************************************
              ******************************************************************************************
              No Kernel Hooks found

              ******************************************************************************************
              ******************************************************************************************
              Hidden files/folders:
              Object: C:\48348fcb7173357c67\amd64\filterpipelineprintproc.dll
              Status: Access denied

              Object: C:\48348fcb7173357c67\amd64\msxpsdrv.cat
              Status: Access denied

              Object: C:\48348fcb7173357c67\amd64\msxpsdrv.inf
              Status: Access denied

              Object: C:\48348fcb7173357c67\amd64\msxpsinc.gpd
              Status: Access denied

              Object: C:\48348fcb7173357c67\amd64\msxpsinc.ppd
              Status: Access denied

              Object: C:\48348fcb7173357c67\amd64\mxdwdrv.dll
              Status: Access denied

              Object: C:\48348fcb7173357c67\amd64\xpssvcs.dll
              Status: Access denied

              Object: C:\48348fcb7173357c67\i386\filterpipelineprintproc.dll
              Status: Access denied

              Object: C:\48348fcb7173357c67\i386\msxpsdrv.cat
              Status: Access denied

              Object: C:\48348fcb7173357c67\i386\msxpsdrv.inf
              Status: Access denied

              Object: C:\48348fcb7173357c67\i386\msxpsinc.gpd
              Status: Access denied

              Object: C:\48348fcb7173357c67\i386\msxpsinc.ppd
              Status: Access denied

              Object: C:\48348fcb7173357c67\i386\mxdwdrv.dll
              Status: Access denied

              Object: C:\48348fcb7173357c67\i386\xpssvcs.dll
              Status: Access denied

              Object: C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\4FAVIZSV\Re_ [GSWarbirds] Spitfire cockpit etc.
              Status: Hidden

              Object: C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\7A5MZI9P\Fw_ Why Men are rarely published in Dear Abby.....
              Status: Hidden

              Object: C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\9JH7V5DG\Fwd_ Fw_ I WANT THIS BACK ........ IT WORKS..........
              Status: Hidden

              Object: C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\CZXBAU3H\This is what happens when Engineers have too much time on their hands .............
              Status: Hidden

              Object: C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\STEZG1AV\Re_ OT Boston Review - Middle was Re_ Evil Stuff .......
              Status: Hidden

              Object: C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\YIAXHDWU\Re_ Way OT_ Stats and sources for Mr. B was RE_ rich sportsmen, etc.
              Status: Hidden

              Object: C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\ZLY8XPTR\my little plinker.....
              Status: Hidden
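
A helper normally reads a SysProt log like the one above by eye. The Python below is an added example, not the poster's code and not part of SysProt, that parses a log in that format (the sample is constructed from the posted one, with a placeholder module name added to exercise the flagging path) and applies two triage checks: hidden dump_*.sys modules are the crash-dump copies of the storage drivers that Windows keeps off the normal loaded-module list, and each SSDT hook is attributed to a driver only when its address falls inside that driver's image range, then grouped per driver so each driver is looked up once.

```python
"""Triage helper for SysProt AntiRootkit text logs (added example; not part of
the forum post or of SysProt).  Sections are separated by banner lines of
asterisks; each opens with a header ("Kernel Modules:", "SSDT:", ...) and
holds blank-line-separated records made of "Key: Value" lines."""
import re

# Constructed sample modelled on the log posted in the thread; the module
# "example_unknown.sys" is a placeholder that exercises the flagging path.
SAMPLE_LOG = r"""SysProt AntiRootkit v1.0.1.0

********************************************
No Hidden Processes found

********************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Module Base: B09C4000
Module End: B09DC000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\example_unknown.sys
Module Base: B0A00000
Module End: B0A08000
Hidden: Yes

********************************************
SSDT:
Function Name: ZwOpenProcess
Address: B0780670
Driver Base: B077E000
Driver End: B0788000
Driver Name: \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys

Function Name: ZwTerminateProcess
Address: B0780720
Driver Base: B077E000
Driver End: B0788000
Driver Name: \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys
"""

BANNER = re.compile(r"^\*{5,}$")
# dump_<driver>.sys are the crash-dump copies of the boot storage stack; the
# kernel loads them outside the normal module list, so scanners report them
# as hidden even on a clean machine.
EXPECTED_HIDDEN = re.compile(r"\\dump_[^\\]+\.sys$", re.IGNORECASE)

def parse_sysprot(text):
    """Return {section header: [record dict, ...]} for a SysProt log."""
    sections, header, record = {}, None, {}

    def flush():
        nonlocal record
        if record:
            sections.setdefault(header, []).append(record)
            record = {}

    for raw in text.splitlines():
        line = raw.strip()
        if BANNER.match(line):        # a banner closes the current section
            flush()
            header = None
        elif not line:                # a blank line closes the current record
            flush()
        elif header is None:          # first text after a banner is the header
            header = line.rstrip(":")
            sections.setdefault(header, [])
        else:
            key, sep, value = line.partition(": ")
            if sep:                   # keep only well-formed "Key: Value" lines
                record[key] = value
    flush()
    return sections

def unexpected_hidden_modules(sections):
    """Hidden kernel modules that are not crash-dump drivers and need a look."""
    return [rec["Module Name"] for rec in sections.get("Kernel Modules", [])
            if rec.get("Hidden") == "Yes"
            and not EXPECTED_HIDDEN.search(rec.get("Module Name", ""))]

def address_in_driver(rec):
    """True if the hook address lies inside the named driver's image range."""
    addr, base, end = (int(rec[k], 16) for k in ("Address", "Driver Base", "Driver End"))
    return base <= addr < end

def hooks_by_driver(sections):
    """Group hooked SSDT functions by the driver owning the hook address."""
    grouped = {}
    for rec in sections.get("SSDT", []):
        owner = rec["Driver Name"] if address_in_driver(rec) else "<unattributed>"
        grouped.setdefault(owner, []).append(rec["Function Name"])
    return {drv: sorted(funcs) for drv, funcs in grouped.items()}
```

Drivers that end up under a single name with several process-related hooks are the ones to look up; a hook whose address is not inside the driver it is attributed to lands under "<unattributed>" and deserves the closest look.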


              SuperDave

              Re: Browser Redirect problem
              « Reply #9 on: August 03, 2010, 05:55:42 PM »
              How is your computer working now?

              I'd like to scan your machine with ESET OnlineScan

              • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
              ESET OnlineScan
              • Click the button.
              • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                • Click on to download the ESET Smart Installer. Save it to your desktop.
                • Double click on the icon on your desktop.
              • Check
              • Click the button.
              • Accept any security warnings from your browser.
              • Check
              • Push the Start button.
              • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
              • When the scan completes, push
              • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
              • Push the button.
              • Push
              A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


              danldo


                Re: Browser Redirect problem
                « Reply #10 on: August 05, 2010, 02:13:55 AM »
                It said no threats found. It is running great.
                Thank you so much for your help.

                SuperDave

                Re: Browser Redirect problem
                « Reply #11 on: August 05, 2010, 01:12:05 PM »
                Well, that sounds good. If there are no other issues, it's time for some clean-up.

                * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
                * Now type Combofix /uninstall in the runbox
                * Make sure there's a space between Combofix and /Uninstall
                * Then hit Enter

                * The above procedure will:
                  * Delete the following:
                    * ComboFix and its associated files and folders.
                  * Reset the clock settings.
                  * Hide file extensions, if required.
                  * Hide System/Hidden files, if required.
                  * Set a new, clean Restore Point.

                ==============================

                Download OTC by OldTimer and save it to your desktop.

                1. Double-click OTC to run it.
                2. Click the CleanUp! button.
                3. Select Yes when the "Begin cleanup Process?" prompt appears.
                4. If you are prompted to Reboot during the cleanup, select Yes
                5. OTC should delete itself once it finishes, if not delete it yourself.

                ==============================

                Clean out your temporary internet files and temp files.

                Download TFC by OldTimer to your desktop.

                Double-click TFC.exe to run it.

                Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                TFC will close all programs when run, so make sure you have saved all your work before you begin.

                * Click the Start button to begin the cleaning process.
                * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                * Please let TFC run uninterrupted until it is finished.

                Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

                ================================

                Looking over your log it seems you don't have any evidence of a third party firewall.

                Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

                Remember only install ONE firewall

                1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options if you choose this one)
                2) Online Armor
                3) Agnitum Outpost
                4) PC Tools Firewall Plus

                If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

                ================================

                Use the Secunia Software Inspector to check for out of date software.

                • Click Start Now
                • Check the box next to Enable thorough system inspection.
                • Click Start
                • Allow the scan to finish and scroll down to see if any updates are needed.
                • Update anything listed.
                ----------

                Go to Microsoft Windows Update and get all critical updates.

                ----------

                I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                * Using SpywareBlaster to protect your computer from Spyware and Malware
                * If you don't know what ActiveX controls are, see here

                Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                Safe Surfing!