Computer Hope

Microsoft => Microsoft Windows => Windows Server => Topic started by: ziggy on January 18, 2009, 02:27:55 PM

Title: Redirectred searches and can't update.
Post by: ziggy on January 18, 2009, 02:27:55 PM

Running XP PRO.  Cannot access any microsoft site to update windows. Cannot update AVG. If I do a search with Yahoo and click on one of the hits, I get redirected to somewhere else. If I try to click on a Microsoft site hit, I get sent to Google.
It doesn't matter if I use IE or FireFox, same results.  BUT if I use the Firefox and CoolPreviews I can view the hit site.
Ran Trendmicro and Pandasoftware on line scans and that didn't help. Have run spyware Dr. and several others with no help.
Don't think I can update any of the software programs--or is that redundant?
 :(

 Any ideas?

Thanks.

Title: Re: Redirectred searches and can't update.
Post by: patio on January 18, 2009, 04:09:06 PM

Do you have an XP CD ? ?

Title: Re: Redirectred searches and can't update.
Post by: spacecat9 on January 18, 2009, 04:27:12 PM

virus probably, i had a virus recently that gave me popups every where and opened site norton 360 said there was no virus. i got mcfee of a freind and ran it and foud the virus. problem solved.

try a system restore first. to before this started to happen. avg has a secound back door update site i will dig around for the address. the you can change the update source in avg its a work aroung for when you keys not being recognised. i'll reply this afternoon with that info but i got to go now stuff to do.

Title: Re: Redirectred searches and can't update.
Post by: ziggy on January 18, 2009, 08:28:21 PM

I do have a XP CD. 

Tried to restore a date week before the problem started and it didn't do any good.



***

Title: Re: Redirectred searches and can't update.
Post by: spacecat9 on January 18, 2009, 09:08:21 PM

i would try uninstalling fire fox. then uninstalling internet explore and reinstalling it in add remove programs even go back to the old internet explore version if window update has updated it. it may clear out the bug that's causing it.

to un install and reinstall ie explore its done through the add remove windows components option on the side bar left hand side of add remove programs just un-tick it then reboot then add the tick confirm and reinstall. it may work.

Title: Re: Redirectred searches and can't update.
Post by: patio on January 19, 2009, 06:38:12 AM

Go to Start/Run and type in sfc /scannow and hit Enter...have the XP CD handy as it will ask for it.
When it finishes re-boot and see how things are...if no improvement you've probably been hijacked.
Travel to our Virus and Spyware section and follow the guide at the top of the Main Page.

Title: Re: Redirectred searches and can't update.
Post by: patio on January 19, 2009, 10:17:23 AM

Quote from: akash2008 on January 19, 2009, 09:42:04 AM

I get redirected to somewhere else. If I try to click on a Microsoft site hit, I get sent to Google.
It doesn't matter if I use IE or FireFox, same results.  BUT if I use the Firefox and CoolPreviews I can view the hit site.
Ran Trendmicro and Pandasoftware on line scans and that didn't help. Have run spyware Dr. and several others with no help.

Are you ziggy or akash ? ?
This is the 2nd thread you have hijacked today...

Title: Re: Redirectred searches and can't update.
Post by: evilfantasy on January 19, 2009, 10:30:16 AM

I spammed them for the signature ;)

Title: Re: Redirectred searches and can't update.
Post by: ziggy on January 19, 2009, 10:55:24 AM

I am ziggy.  Don't know where the other guy came from.

Title: Re: Redirectred searches and can't update.
Post by: evilfantasy on January 19, 2009, 11:08:36 AM

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

• Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
  
• Then search for TDSSserv.sys
  
• Let me know if you find this or not.
• If you do find it, right click on it, and select “Disable”. Do not try to uninstall it.
  
• Also if this is found and you disable it.
• Now reboot and see if you can run the other scans that would not run.

.
----------

Now follow the directions here > http://www.computerhope.com/forum/index.php/topic,46313.msg290095.html#msg290095

Title: Re: Redirectred searches and can't update.
Post by: ziggy on January 19, 2009, 11:42:54 AM

Quote from: evilfantasy on January 19, 2009, 11:08:36 AM

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

• Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
  
• Then search for TDSSserv.sys
  
• Let me know if you find this or not.
• If you do find it, right click on it, and select “Disable”. Do not try to uninstall it.
  
• Also if this is found and you disable it.
• Now reboot and see if you can run the other scans that would not run.

.
----------

Now follow the directions here > http://www.computerhope.com/forum/index.php/topic,46313.msg290095.html#msg290095

It is not there.

Title: Re: Redirectred searches and can't update.
Post by: evilfantasy on January 19, 2009, 12:09:30 PM

Before you begin the SDFix instructions you should copy these instructions in a Notepad file and save them to your desktop or print them for easy reference. Much of SDFix will be done in Safe mode and you will be unable to access this web page after booting into Safe mode.

Download SDFix by AndyManchesta (http://rapidshare.com/files/186158600/SDFix.exe.html) and save it to your desktop.

When using this tool, you must use the Administrator's account or an account with Administrative rights

* Now, double-click on the SDFix icon that should now be residing on your desktop. If a Open File - Security Warning box opens, click on the Run button.
* A window will now open showing SDFix being extracted into the C:\SDFix folder.     
* Once the installation program has finished extracting SDFix, it will open a Notepad with further instructions.
* DO NOT use it just yet.

Reboot your computer in Safe Mode (http://www.bleepingcomputer.com/tutorials/tutorial61.html) using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

When your computer has started in safe mode, and you see the desktop, close all open Windows.

* Click on the Start button, click on the Run menu option, and type the following text from the Code Box into the Open: field then click the OK  button.

Code: [Select]

C:\SDFix\RunThis.bat
* SDFix window will open containing some brief info and a disclaimer on the use of the tool.
* Type Y on your keyboard and then press Enter to begin the cleanup process.
* It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
* Copy and paste the contents of the results file Report.txt in your next reply.

Title: Re: Redirectred searches and can't update.
Post by: ziggy on January 19, 2009, 08:09:11 PM

I'm beginning to think I have this new worm.  Check: http://www.f-secure.com/

Haven't had time to try the above procedure yet.  May have to reformat and reinstall.

 :-[

Title: Re: Redirectred searches and can't update.
Post by: evilfantasy on January 19, 2009, 08:48:27 PM

Reformat, reinstall and get everything back the way you want it can take sometimes half of a day. Running the above scan takes about 5 - 10 minutes. Your choice...

Title: Re: Redirectred searches and can't update.
Post by: ziggy on January 19, 2009, 09:02:33 PM

I'll go your way...

Thanks.

Will post when I finish the instructions.

Title: Re: Redirectred searches and can't update.
Post by: ziggy on January 19, 2009, 10:13:40 PM

Followed instructions--here is the first file:


SDFix: Version 1.240
Run by me on Mon 01/19/2009 at 11:21 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\sdfix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\iexplore.exe - Deleted



Folder C:\resycled - Removed


Removing Temp Files

ADS Check :
 


                                 Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

http://www.gmer.net
Rootkit scan 2009-01-19 23:50:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\me\ntuser.dat, 0
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters

\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:

@xpsp2res.dll,-22019"
"C:\\Program Files\\IVT

Corporation\\BlueSoleil\\BlueSoleil_.exe"="C:\\Program Files\\IVT

Corporation\\BlueSoleil\\BlueSoleil_.exe:*:Enabled:BlueSoleil"
"D:\\Downloads\\AVG01_09\\avgemc.exe"="D:\\Downloads\\AVG01_09\\avgemc.exe:*:

Enabled:avgemc.exe"
"D:\\Downloads\\AVG01_09\\avgupd.exe"="D:\\Downloads\\AVG01_09\\avgupd.exe:*:

Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters

\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:

@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 18 Aug 2008     1,832,272 A.SHR --- "C:\Program Files\TeaTimer (Spybot -

Search & Destroy)\TeaTimer.exe"
Tue 14 Oct 2008        24,576 A..H. --- "C:\Program Files\IVT

Corporation\BlueSoleil\BlueSoleil__.exe"
Tue 14 Oct 2008       661,776 A..H. --- "C:\Program Files\IVT

Corporation\BlueSoleil\BlueSoleil_.exe"
Sun  5 Oct 2008             0 A.SH. --- "C:\Documents and Settings\All

Users\DRM\Cache\Indiv01.tmp"
Mon 13 Nov 2006       319,456 A..H. --- "C:\Program Files\Common

Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
Mon 15 Oct 2007        15,300 A..H. ---

"C:\WINDOWS\SoftwareDistribution\Download\3f69ea8a578f1bc30e2cba9a445213ed\BI

T10C.tmp"
Thu  7 Dec 2006     3,096,576 A..H. --- "C:\Documents and

Settings\me\Application Data\U3\temp\Launchpad Removal.exe"

Finished!

***

After booting, I tried to go a Microsoft site and was redirected.  WinPatrol had a pop-up window telling me a change in the host file.  Sorry that I didn't get the exact wording.  Clicked on the button for more info and got:

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost


***

Title: Re: Redirectred searches and can't update.
Post by: evilfantasy on January 20, 2009, 01:29:50 PM

Hopefully you accepted the change from WinPatrol?

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Title: Re: Redirectred searches and can't update.
Post by: ziggy on January 20, 2009, 05:15:20 PM

Here is the log file:


ComboFix 09-01-19.05 - me 2009-01-20 18:56:25.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1023.288 [GMT -5:00]
Running from: c:\documents and settings\me\Desktop\ComboFix1.exe
AV: avast! antivirus 4.8.1296 [VPS 090120-0] *On-access scanning disabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: StopSign Antivirus FREE TRIAL diagnostic version *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\gaopdxvjbapmex.sys
c:\windows\system32\gaopdxwbnyllrc.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf


(((((((((((((((((((((((((   Files Created from 2008-12-21 to 2009-01-21  )))))))))))))))))))))))))))))))
.

2009-01-20 11:57 . 2009-01-20 11:57   410,984   --a------   c:\windows\system32\deploytk.dll
2009-01-20 00:38 . 2009-01-20 00:38   <DIR>   d--------   c:\documents and settings\me\Application Data\IObit
2009-01-19 23:19 . 2009-01-19 23:19   <DIR>   d--------   c:\windows\ERUNT
2009-01-19 23:12 . 2009-01-19 23:50   <DIR>   d--------   C:\SDFix
2009-01-19 22:32 . 2009-01-19 22:32   <DIR>   d--------   C:\rsit
2009-01-19 22:32 . 2009-01-19 22:32   <DIR>   d--------   c:\program files\trend micro
2009-01-19 13:11 . 2009-01-19 13:11   230   --a------   c:\windows\system32\spupdsvc.inf
2009-01-18 22:33 . 2003-03-18 16:20   1,060,864   --a------   c:\windows\system32\MFC71.dll
2009-01-18 00:30 . 2009-01-18 00:30   <DIR>   d--------   c:\documents and settings\me\Application Data\PC Tools
2009-01-18 00:30 . 2009-01-19 23:18   <DIR>   d-a------   c:\documents and settings\All Users\Application Data\TEMP
2009-01-18 00:30 . 2008-08-25 12:36   81,288   --a------   c:\windows\system32\drivers\iksyssec.sys
2009-01-18 00:30 . 2008-08-25 12:36   66,952   --a------   c:\windows\system32\drivers\iksysflt.sys
2009-01-18 00:30 . 2008-08-25 12:36   40,840   --a------   c:\windows\system32\drivers\ikfilesec.sys
2009-01-18 00:30 . 2008-06-02 16:19   29,576   --a------   c:\windows\system32\drivers\kcom.sys
2009-01-18 00:14 . 2009-01-18 00:14   <DIR>   d--------   c:\documents and settings\me\DoctorWeb
2009-01-17 10:29 . 2009-01-17 10:29   <DIR>   d--------   c:\program files\Acceleration Software
2009-01-17 10:29 . 2009-01-17 10:29   <DIR>   d--------   c:\documents and settings\me\Application Data\eAcceleration
2009-01-17 10:28 . 2009-01-17 10:29   <DIR>   d--------   c:\program files\eAcceleration
2009-01-17 10:28 . 2009-01-17 10:29   <DIR>   d--------   c:\program files\Common Files\eAcceleration
2009-01-17 10:28 . 2009-01-17 10:29   <DIR>   d--------   c:\documents and settings\All Users\Application Data\eAcceleration
2009-01-17 10:23 . 2009-01-17 10:23   <DIR>   d--------   c:\windows\BDOSCAN8
2009-01-16 03:06 . 2009-01-20 03:16   <DIR>   d--h-----   C:\$AVG8.VAULT$
2009-01-15 22:26 . 2001-05-22 23:45   45,056   --a------   c:\windows\PANIC32.dll
2009-01-15 22:26 . 2001-09-16 11:44   40,960   --a------   c:\windows\PANICNT.dll
2009-01-15 15:28 . 2009-01-15 15:28   <DIR>   d--------   c:\windows\system32\drivers\Avg
2009-01-15 15:28 . 2009-01-15 15:28   <DIR>   d--------   c:\program files\AVG
2009-01-15 15:28 . 2009-01-15 15:36   <DIR>   d--------   c:\documents and settings\me\Application Data\AVGTOOLBAR
2009-01-15 15:28 . 2009-01-15 15:28   97,928   --a------   c:\windows\system32\drivers\avgldx86.sys
2009-01-15 15:28 . 2009-01-15 15:28   76,040   --a------   c:\windows\system32\drivers\avgtdix.sys
2009-01-15 15:28 . 2009-01-15 15:28   10,520   --a------   c:\windows\system32\avgrsstx.dll
2009-01-09 22:44 . 2008-07-07 12:27   102,664   --a------   c:\windows\system32\drivers\tmcomm.sys
2009-01-05 22:40 . 2009-01-05 22:44   <DIR>   d--------   c:\documents and settings\me\Application Data\XnView
2009-01-03 13:09 . 2008-10-16 14:06   268,648   --a------   c:\windows\system32\mucltui.dll
2009-01-03 13:09 . 2008-10-16 14:06   27,496   --a------   c:\windows\system32\mucltui.dll.mui
2009-01-02 22:33 . 2009-01-02 22:33   <DIR>   d--------   c:\program files\MSECache
2008-12-22 21:14 . 2008-12-22 21:14   72,192   --a------   c:\windows\cadkasdeinst01e.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 00:03   89,638,944   --sha-w   c:\windows\system32\drivers\fidbox.dat
2009-01-20 16:57   ---------   d-----w   c:\program files\Java
2009-01-19 18:11   907,776   ----a-w   c:\windows\Internet Logs\xDB6.tmp
2009-01-19 18:11   1,915,392   ----a-w   c:\windows\Internet Logs\xDB7.tmp
2009-01-15 20:28   ---------   d-----w   c:\documents and settings\All Users\Application Data\avg8
2009-01-15 15:19   1,058,096   --sha-w   c:\windows\system32\drivers\fidbox.idx
2009-01-15 04:36   ---------   d-----w   c:\documents and settings\All Users\Application Data\Google Updater
2009-01-15 01:18   2,258,944   ----a-w   c:\windows\Internet Logs\xDB4.tmp
2009-01-15 01:18   1,798,144   ----a-w   c:\windows\Internet Logs\xDB5.tmp
2008-12-30 04:27   1,147,392   ----a-w   c:\windows\Internet Logs\xDB3.tmp
2008-12-20 03:44   ---------   d-----w   c:\documents and settings\me\Application Data\DivX
2008-12-20 03:38   1,881,903   ----a-w   c:\windows\Internet Logs\tvDebug.zip
2008-12-15 22:31   ---------   d-----w   c:\documents and settings\me\Application Data\SuperNZB
2008-12-11 11:57   333,184   ----a-w   c:\windows\system32\drivers\srv.sys
2008-12-10 18:02   625,664   ----a-w   c:\windows\Internet Logs\xDB2.tmp
2008-12-10 14:17   7,808   ----a-w   c:\windows\system32\drivers\psi_mf.sys
2008-12-01 05:45   ---------   d-----w   c:\documents and settings\me\Application Data\GARMIN
2008-11-30 03:18   2,710,016   ----a-w   c:\windows\Internet Logs\xDB1.tmp
2008-11-25 20:20   ---------   d-----w   c:\program files\Freecorder
2008-11-25 14:03   ---------   d-----w   c:\documents and settings\me\Application Data\Apple Computer
2008-11-21 21:47   9,464   ------w   c:\windows\system32\drivers\cdralw2k.sys
2008-11-21 21:47   9,336   ------w   c:\windows\system32\drivers\cdr4_xp.sys
2008-11-21 21:47   524,288   ----a-w   c:\windows\system32\DivXsm.exe
2008-11-21 21:47   43,528   ------w   c:\windows\system32\drivers\PxHelp20.sys
2008-11-21 21:47   3,596,288   ----a-w   c:\windows\system32\qt-dx331.dll
2008-11-21 21:47   129,784   ------w   c:\windows\system32\pxafs.dll
2008-11-21 21:47   120,056   ------w   c:\windows\system32\pxcpyi64.exe
2008-11-21 21:47   118,520   ------w   c:\windows\system32\pxinsi64.exe
2008-11-21 21:46   200,704   ----a-w   c:\windows\system32\ssldivx.dll
2008-11-21 21:46   1,044,480   ----a-w   c:\windows\system32\libdivx.dll
2008-11-21 21:44   161,096   ----a-w   c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44   12,288   ----a-w   c:\windows\system32\DivXWMPExtType.dll
2008-11-10 14:20   737,280   ----a-w   c:\windows\iun6002.exe
2008-10-23 13:01   283,648   ----a-w   c:\windows\system32\gdi32.dll
1998-10-12 16:23   40,960   ----a-w   c:\windows\inf\vizPnP\Vipersti.dll
1998-07-30 17:44   19,112   ----a-w   c:\windows\inf\vizPnP\Pmxscan.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre0.dll" [2008-11-25 1784856]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2008-11-25 15:20   1784856   --a------   c:\program files\Freecorder\tbFre0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre0.dll" [2008-11-25 1784856]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre0.dll" [2008-11-25 1784856]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"="d:\programs\eraser\Eraser\eraser.exe" [2002-04-29 487424]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"PPWebCap"="c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2000-03-01 48128]
"Advanced SystemCare 3"="d:\downloads\SystemCare\Advanced SystemCare 3\AWC.exe" [2009-01-09 2262352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MULTIMEDIA KEYBOARD"="c:\program files\Keymaestro\Multimedia Keyboard\MMKeybd.exe" [2002-01-17 147456]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"Adobe Reader Speed Launcher"="d:\downloads\Adobe\Reader\Reader_sl.exe" [2008-06-12 34672]
"WinPatrol"="d:\downloads\WinPatrol\winpatrol.exe" [2004-12-09 140480]
"fbdirect"="c:\program files\ScanSoft\PaperPort\fbdirect.exe" [1998-11-17 227328]
"ZoneAlarm Client"="d:\downloads\ZoneAlarm\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"AVG8_TRAY"="d:\downlo~1\AVG01_09\avgtray.exe" [2009-01-15 1261336]
"Pop-Up Stopper"="d:\programs\popupstp\POP-UP~1\dpps2.exe" [2001-10-16 675840]
"webscan"="c:\program files\Acceleration Software\Anti-Virus\stopsignav.exe" [2008-12-11 914784]
"SoftwareStation"="c:\program files\eAcceleration\Station\station.exe" [2008-04-15 173392]
"avast!"="d:\downlo~1\Avast\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-20 136600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AudioDeck.lnk - c:\program files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2008-05-21 581632]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-05-17 24576]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\Userinit.exe"

[HKLM\~\startupfolder\C:^Documents and Settings^me^Start Menu^Programs^Startup^Secunia PSI.lnk]
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)
"CiSvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"d:\\Downloads\\AVG01_09\\avgemc.exe"=
"d:\\Downloads\\AVG01_09\\avgupd.exe"=

R0 DMX3191;DMX3191;c:\windows\system32\drivers\DMX3191.SYS [1999-12-13 11459]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-08-19 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-18 111184]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-15 97928]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2008-05-31 6656]
R3 pmxscan;Visioneer USB Service;c:\windows\system32\drivers\usbscan.sys [2008-09-28 15104]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-18 20560]
R4 avg8emc;AVG Free8 E-mail Scanner;d:\downlo~1\AVG01_09\avgemc.exe [2009-01-15 875288]
R4 avg8wd;AVG Free8 WatchDog;d:\downlo~1\AVG01_09\avgwdsvc.exe [2009-01-15 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-15 76040]
R4 eac_notifysvc;eAcceleration Notification Service;c:\progra~1\EACCEL~1\FRAMEW~1\eac_svc.exe [2009-01-17 111952]
R4 eac_productsvc;eAcceleration Product Manager Service;c:\progra~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe [2009-01-17 263504]
R4 HPFECP06;HPFECP06;c:\windows\system32\drivers\hpfecp06.sys [2008-08-23 38176]
R4 nhksrv;Netropa NHK Server;c:\program files\Keymaestro\Multimedia Keyboard\nhksrv.exe [2008-05-31 28672]
R4 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [2008-05-19 100728]
R4 sstsmonsvc;StopSign Antivirus Security Center Provider;c:\progra~1\EACCEL~1\FRAMEW~1\eac_svc.exe [2009-01-17 111952]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\16.tmp --> c:\windows\system32\16.tmp [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-08-29 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-08-29 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-08-29 42112]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-12-10 7808]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2008-08-28 10880]
S3 sdAuxService;PC Tools Auxiliary Service;d:\downloads\IamFamousRemoval\Spyware Doctor\pctsAuxs.exe [2009-01-18 356920]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [2008-05-21 3351]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca05ce84-2614-11dd-81e4-0030bd1e78f3}]
\Shell\AutoRun\command - i:\wd_windows_tools\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-01-21 c:\windows\Tasks\RegCure Program Check.job
- d:\downloads\Reg Cure\RegCure\RegCure.exe [2007-10-20 11:40]

2009-01-15 c:\windows\Tasks\RegCure.job
- d:\downloads\Reg Cure\RegCure\RegCure.exe [2007-10-20 11:40]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: asia.msi.com.tw
Trusted Zone: global.msi.com.tw
Trusted Zone: www.msi.com.tw
Trusted Zone: wdc.custhelp.com
Trusted Zone: global.msi.com.tw
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\me\Application Data\Mozilla\Firefox\Profiles\default.roe\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\me\Application Data\Mozilla\Firefox\Profiles\default.roe\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - component: d:\downloads\AVG01_09\Firefox\components\avgssff.dll
FF - component: d:\downloads\AVG01_09\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\me\Application Data\Mozilla\Firefox\Profiles\default.roe\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
FF - plugin: c:\documents and settings\me\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: d:\downloads\Adobe\Reader\browser\nppdf32.dll
FF - plugin: d:\downloads\divx pro\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\downloads\divx pro\DivX\DivX Web Player\npdivx32.dll
FF - plugin: d:\downloads\FireFox\plugins\NPBelv32.dll
FF - plugin: d:\downloads\FireFox\plugins\NPZoneSB.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 19:00:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\16.tmp"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
d:\downloads\Avast\aswUpdSv.exe
d:\downloads\Avast\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
d:\downloads\Reg_ProShow\scsiaccess.exe
c:\windows\system32\searchindexer.exe
d:\downlo~1\AVG01_09\avgrsx.exe
d:\downloads\Avast\Setup\avast.setup
d:\downloads\Avast\ashMaiSv.exe
d:\downloads\Avast\ashWebSv.exe
c:\program files\Keymaestro\Multimedia Keyboard\Traymon.exe
c:\program files\Keymaestro\Onscreen Display\osd.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\eAcceleration\Station\station_bk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleil_.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-01-20 19:05:15 - machine was rebooted
ComboFix-quarantined-files.txt  2009-01-21 00:05:06

Pre-Run: 31,539,339,264 bytes free
Post-Run: 31,555,018,752 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XXCLONE: (Cloned Volume) [d:0,p:1] \WINDOWS" /fastdetect /NoExecute=OptIn

269   --- E O F ---   2008-10-17 20:23:57


Also had this in a pop up window:
127.0.0.1       localhost

***

Just had WinPatrol ask if I wanted .jpg files to open with IE instead of VuePrint.  Told it no.

**

Title: Re: Redirectred searches and can't update.
Post by: evilfantasy on January 20, 2009, 05:34:22 PM

Looks good. There are a few things to take care of.

Download the OTMoveIt3 (http://oldtimer.geekstogo.com/OTMoveIt3.exe) by OldTimer

Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code: [Select]

:Processes
explorer.exe

:reg
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca05ce84-2614-11dd-81e4-0030bd1e78f3}]

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

----------

Please go to Start > Run and copy/paste the following blue text and then press Enter:

C:\QooBox\Add-Remove Programs.txt

A text file should open. Please post the contents of that file in your next reply.

Title: Re: Redirectred searches and can't update.
Post by: ziggy on January 20, 2009, 08:10:46 PM

File from MoveIt after the reboot:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca05ce84-2614-11dd-81e4-0030bd1e78f3}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\me\LOCALS~1\Temp\etilqs_k541boUvCGX1FhhVV2lB scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4d8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_718.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT0432d.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT04330.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF1563.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01202009_215222

Files moved on Reboot...
File C:\DOCUME~1\me\LOCALS~1\Temp\etilqs_k541boUvCGX1FhhVV2lB not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Cookies\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_4d8.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_718.dat moved successfully.
C:\WINDOWS\temp\ZLT0432d.TMP moved successfully.
C:\WINDOWS\temp\ZLT04330.TMP moved successfully.
C:\WINDOWS\temp\~DF1563.tmp moved successfully.
C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.roe\XUL.mfl moved successfully.


***

From the add/remove text file:


Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Advanced SystemCare 3
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Audacity 1.3.6 (Unicode)
Audio Recorder for Free
Audio Recorder Pro 3.70
AutoUpdate
avast! Antivirus
AVG Free 8.0
Belarc Advisor 5.1
Bluesoleil2.6.0.8 Release 070517
Bonjour
C-Media WDM Audio Driver
Compatibility Pack for the 2007 Office system
Cryptainer LE
DiscWizard for Windows
DivX Codec
DivX Player
DivX Web Player
Driver Detective
DriverGuide DriverScan
DriverGuide Toolkit
Enhanced Sound Card Driver 8.0
Eraser 5.3
FLVhosting Desktop FLV Player Ver 2.00
Fotosizer 1.19
Fox Magic Audio Recorder 1.0
FREE Hi-Q Recorder 1.92
Freecorder Toolbar
Freecorder Toolbar 3.02 Application
Garmin POI Loader
Google Earth
Google Updater
HHD Software Free Hex Editor 3.12
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP DeskJet 720C Series (Remove only)
Huelix Audio Converter 2.0
Image Resizer Powertoy for Windows XP
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Keymaestro Multimedia Keyboard
Livestation
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Motorola Software Update
Mozilla Firefox (3.0.5)
Mozilla Thunderbird (2.0.0.19)
Mp3 Stream Recorder
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nikon Scan
OpenAL
Panda ActiveScan 2.0
PaperPort 6.5
PDF Reader 2
Photodex Presenter
Pop-Up Stopper
Prism Video Converter
ProShow
ProShow Gold
QuickTime
Replay Radio and Replay A/V 7
Safari
Samsung USB Driver (MCCI 4.34) WHQL v3.4
Secunia PSI
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Slides & Sound Plus
Smart Defrag 1.03
SoundTap Streaming Audio Recorder
Spybot - Search & Destroy
Spyware Doctor 6.0
StopSign Internet Security
Switch Sound File Converter
Uniblue DriverScanner 2009
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
VIA Audio Driver Setup Program
Visioneer 7600 USB Scanner Driver
VLC media player 0.9.4
WD Diagnostics
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
XnView 1.95.4
XXClone  ver 0.58.0
ZoneAlarm
ZoneAlarm Spy Blocker

***

I am able to get the windows updates now.

I have resisted installing sp3 because so many people had problems with it.  Read somewhere to download it to a file, burn it on a cd and reboot to safe mode and then install it.  What do you suggest?

BTW--Thanks for all the help you have given me.  If you were a woman, I'd give you a kiss--a man and I'd shake your hand and buy you a burger and a coke.

:)))

Next?

ziggy

Title: Re: Redirectred searches and can't update.
Post by: evilfantasy on January 20, 2009, 08:21:55 PM

You can install SP3 from the Windows Update site as soon as we are done. I can't think of any reason to put it on a disk and install in safe mode.

Go to Add/Remove Programs and uninstall:

*AutoUpdate
*Java(TM) 6 Update 6
*Java(TM) 6 Update 7

You have multiple antivirus installed. This is never advised as it only causes problems so uninstall all but one.

avast! Antivirus
AVG Free 8.0
StopSign Internet Security <- Don't keep this one.

----------

Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.
.

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.

.

(http://i154.photobucket.com/albums/s258/evilfantasy69/combofixu-1.jpg)

.
The above procedure will:

• Delete:
• ComboFix and its associated files and folders.
• VundoFix backups, if present
• The C:\Deckard folder, if present
• The C:_OtMoveIt folder, if present

• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.

.
----------

1. Double click OTMoveIt3.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt3

----------

Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox (http://"http://www.spreadfirefox.com/node&id=224248&t=324"). With more than 15,000 improvements, Firefox 3 is faster, safer and smarter than ever before.

For Internet Explorer 7 users there is IE7Pro (http://www.ie7pro.com/). IE7Pro is a must have add-on for Internet Explorer, which includes a lot of features and tweaks to make your IE friendlier, more useful, more secure and customizable.

To prevent unknown applications from being installed on your computer install WinPatrol 2008 (http://www.winpatrol.com/winpatrol.html)
*  Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
*  (http://www.bleepingcomputer.com/tutorials/tutorial49.html)Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Check out  Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see  Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smooth.

Title: Re: Redirectred searches and can't update.
Post by: ziggy on January 20, 2009, 08:52:20 PM

Am using FireFox except when I update windows.

Will download the others suggested that I don't have.

Avast or AVG--which do you like better?

Again--Thanks.

Title: Re: Redirectred searches and can't update.
Post by: evilfantasy on January 20, 2009, 09:00:23 PM

Personally I prefer Avast.

Your welcome.