Author Topic: Annoying Google Redirect  (Read 26812 times)

Alvarezz

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Windows XP
    Annoying Google Redirect
    « on: April 20, 2011, 07:10:20 PM »
    When searching on Google.com I keep getting redirected to fake anti-virus websites, and sometimes to very random websites that have nothing to do with what I searched. :( Is this a virus? I'm using Google Chrome and my operating system is Windows XP service pack-3. Is any additional info required?

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Annoying Google Redirect
    « Reply #1 on: April 21, 2011, 12:55:35 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    **************************************************
    We'll run some scans and see what comes up.

    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.

        • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

        • Close browsers before scanning
        • Scan for tracking cookies
        • Terminate memory threats before quarantining
      Please leave the others unchecked

    * Click the Close button to leave the control center screen.

    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    * To retrieve the removal information please do the following:

        • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
        • Click Preferences. Click the Statistics/Logs tab.
        • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        • It will open in your default text editor (preferably Notepad).
        • Save the Notepad file to your desktop by clicking (in Notepad) File > Save As...

    * Save the log somewhere you can easily find it (normally the desktop).
    * Click close and close again to exit the program.
    * Copy and paste the log in your post.
    *************************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    ******************************************************
    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.

    1) DDS.txt
    2) Attach.txt

    * Save both logs to your desktop.
    * Please copy and paste the entire contents of both logs in your next reply.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.
    Windows 8 and Windows 10 dual boot with two SSD's

    Alvarezz

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Windows XP
      Re: Annoying Google Redirect
      « Reply #2 on: April 28, 2011, 10:22:28 PM »
      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 04/22/2011 at 09:31 PM

      Application Version : 4.51.1000

      Core Rules Database Version : 6090
      Trace Rules Database Version: 3902

      Scan type       : Complete Scan
      Total Scan Time : 00:20:02

      Memory items scanned      : 470
      Memory threats detected   : 0
      Registry items scanned    : 6361
      Registry threats detected : 0
      File items scanned        : 6897
      File threats detected     : 288

      Adware.Tracking Cookie

      Alvarezz

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Windows XP
        Re: Annoying Google Redirect
        « Reply #3 on: April 28, 2011, 10:23:46 PM »
        Malwarebytes' Anti-Malware 1.50.1.1100
        www.malwarebytes.org

        Database version: 6408

        Windows 5.1.2600 Service Pack 3
        Internet Explorer 6.0.2900.5512

        4/20/2011 6:35:05 PM
        mbam-log-2011-04-20 (18-35-05).txt

        Scan type: Quick scan
        Objects scanned: 201611
        Time elapsed: 37 minute(s), 0 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 1

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        c:\documents and settings\my computer\my documents\downloads\antispy2011setup.exe (Spyware.Agent) -> Not selected for removal.

        Alvarezz

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Windows XP
          Re: Annoying Google Redirect
          « Reply #4 on: April 28, 2011, 10:30:37 PM »
          DDS.txt

          .
          DDS (Ver_11-03-05.01) - NTFSx86 
          Run by My Computer at 21:25:29.28 on Thu 04/28/2011
          Internet Explorer: 6.0.2900.5512
          Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.447.144 [GMT -7:00]
          .
          AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
          FW: Online Armor Firewall *Enabled*
          .
          ============== Running Processes ===============
          .
          C:\WINDOWS\system32\svchost -k DcomLaunch
          svchost.exe
          C:\WINDOWS\System32\svchost.exe -k netsvcs
          C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
          svchost.exe
          svchost.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Emsisoft\Online Armor\OAcat.exe
          C:\Program Files\Emsisoft\Online Armor\oasrv.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Avira\AntiVir Desktop\sched.exe
          svchost.exe
          C:\Program Files\Avira\AntiVir Desktop\avguard.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
          C:\Program Files\Bonjour\mDNSResponder.exe
          C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
          C:\Program Files\Java\jre6\bin\jqs.exe
          C:\WINDOWS\System32\nvsvc32.exe
          C:\WINDOWS\system32\HPZipm12.exe
          C:\WINDOWS\system32\slserv.exe
          C:\WINDOWS\System32\MsPMSPSv.exe
          c:\WINDOWS\system32\ZuneBusEnum.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\Emsisoft\Online Armor\oaui.exe
          C:\Program Files\eM\Bay Reader\Shwicon2k.exe
          C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\Program Files\Emsisoft\Online Armor\OAhlp.exe
          C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
          C:\WINDOWS\zHotkey.exe
          C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
          C:\WINDOWS\System32\svchost.exe -k HTTPFilter
          C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          C:\Documents and Settings\My Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
          C:\Program Files\BigFix\BigFix.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\iTunes\iTunes.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
          C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
          C:\Documents and Settings\My Computer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
          C:\Documents and Settings\My Computer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
          C:\Documents and Settings\My Computer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
          C:\Documents and Settings\My Computer\Desktop\SUPERANTISPYWARE.EXE
          C:\WINDOWS\system32\wuauclt.exe
          C:\WINDOWS\system32\NOTEPAD.EXE
          C:\Documents and Settings\My Computer\Desktop\dds.scr
          .
          ============== Pseudo HJT Report ===============
          .
          uStart Page = facebook.com
          uInternet Connection Wizard,ShellNext = iexplore
          uInternet Settings,ProxyOverride = <local>;*.local
          BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
          BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
          BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
          BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
          BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
          EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
          uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
          uRun: [Google Update] "c:\documents and settings\my computer\local settings\application data\google\update\GoogleUpdate.exe" /c
          mRun: [@OnlineArmor GUI] "c:\program files\emsisoft\online armor\oaui.exe"
          mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
          mRun: [showicon2k] c:\program files\\em\bay reader\Shwicon2k.exe
          mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
          mRun: [RoxioAudioCentral] "c:\program files\roxio\easy cd creator 6\audiocentral\RxMon.exe"
          mRun: [nwiz] nwiz.exe /install
          mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
          mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
          mRun: [CHotkey] zHotkey.exe
          mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
          mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
          mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
          mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
          StartupFolder: c:\docume~1\mycomp~1\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
          StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
          IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
          IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
          IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
          IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
          DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
          DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
          DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
          DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
          Notify: !SASWinLogon - c:\documents and settings\my computer\desktop\SASWINLO.DLL
          SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
          SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\emsisoft\online~1\oaevent.dll
          SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\documents and settings\my computer\desktop\SASSEH.DLL
          Hosts: 127.0.0.1   www.spywareinfo.com
          .
          ============= SERVICES / DRIVERS ===============
          .
          R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-29 11608]
          R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-12-28 236104]
          R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-12-28 22600]
          R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-12-28 28232]
          R1 SASDIFSV;SASDIFSV;c:\documents and settings\my computer\desktop\sasdifsv.sys [2010-2-17 12872]
          R1 SASKUTIL;SASKUTIL;c:\documents and settings\my computer\desktop\SASKUTIL.SYS [2010-5-10 67656]
          R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-29 135336]
          R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-29 269480]
          R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-29 61960]
          R2 OAcat;Online Armor Helper Service;c:\program files\emsisoft\online armor\oacat.exe [2010-12-28 1283400]
          R2 SvcOnlineArmor;Online Armor;c:\program files\emsisoft\online armor\oasrv.exe [2010-12-28 3364680]
          S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
          .
          =============== Created Last 30 ================
          .
          .
          ==================== Find3M  ====================
          .
          .
          =================== ROOTKIT  ====================
          .
          Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
          Windows 5.1.2600 Disk: WDC_WD1600AB-00DYA0 rev.15.05R15 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
          .
          device: opened successfully
          user: MBR read successfully
          .
          Disk trace:
          called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8426C555]<<
          _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x842727b0]; MOV EAX, [0x8427282c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
          1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x842D25E0]
          3 CLASSPNP[0xF74C7FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000060[0x84321F18]
          5 ACPI[0xF743E620] -> nt!IofCallDriver[0x804E37D5] -> [0x842D3030]
          \Driver\atapi[0x842BCF38] -> IRP_MJ_CREATE -> 0x8426C555
          kernel: MBR read successfully
          _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
          detected disk devices:
          \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD1600AB-00DYA0_____________________15.05R15#4457572d414d4b45393139383038_030_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
          detected hooks:
          \Driver\atapi DriverStartIo -> 0x8426C39B
          user & kernel MBR OK
          copy of MBR has been found in sector 60 !
          Warning: possible TDL3 rootkit infection !
          .
          ============= FINISH: 21:28:34.08 ===============

          Alvarezz

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Windows XP
            Re: Annoying Google Redirect
            « Reply #5 on: April 28, 2011, 10:32:34 PM »
            Attach.txt
            .
            UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
            IF REQUESTED, ZIP IT UP & ATTACH IT
            .
            DDS (Ver_11-03-05.01)
            .
            Microsoft Windows XP Home Edition
            Boot Device: \Device\HarddiskVolume1
            Install Date: 6/14/2010 7:19:26 PM
            System Uptime: 4/28/2011 8:19:53 PM (1 hours ago)
            .
            Motherboard: First International Computer, Inc. |  | AU31
            Processor: AMD Athlon(tm) XP 3200+ | Socket A | 2205/200mhz
            .
            ==== Disk Partitions =========================
            .
            A: is Removable
            C: is FIXED (NTFS) - 149 GiB total, 126.836 GiB free.
            D: is CDROM ()
            E: is Removable
            F: is Removable
            G: is Removable
            H: is CDROM ()
            I: is Removable
            .
            ==== Disabled Device Manager Items =============
            .
            ==== System Restore Points ===================
            .
            RP1: 3/13/2011 4:09:44 PM - System Checkpoint
            RP2: 3/27/2011 4:52:53 AM - System Checkpoint
            RP3: 3/28/2011 5:24:02 AM - System Checkpoint
            RP4: 4/5/2011 3:11:18 AM - System Checkpoint
            RP5: 4/7/2011 10:53:42 AM - System Checkpoint
            RP6: 4/8/2011 12:19:44 PM - System Checkpoint
            RP7: 4/9/2011 12:25:50 PM - System Checkpoint
            RP8: 4/10/2011 1:23:56 PM - System Checkpoint
            RP9: 4/11/2011 2:23:07 PM - System Checkpoint
            RP10: 4/12/2011 3:23:09 PM - System Checkpoint
            RP11: 4/13/2011 4:23:14 PM - System Checkpoint
            RP12: 4/14/2011 5:23:13 PM - System Checkpoint
            RP13: 4/15/2011 6:17:32 PM - System Checkpoint
            RP14: 4/19/2011 11:06:49 PM - System Checkpoint
            RP15: 4/20/2011 7:07:35 PM - Removed Norton WMI Update
            RP16: 4/22/2011 10:57:24 PM - System Checkpoint
            RP17: 4/23/2011 11:19:23 PM - System Checkpoint
            RP18: 4/28/2011 8:49:02 PM - System Checkpoint
            .
            ==== Installed Programs ======================
            .
            56Kbps Internal Modem
            Adobe Acrobat 5.0
            Adobe Flash Player 10 ActiveX
            Adobe Flash Player 10 Plugin
            Adobe Reader X
            Apple Application Support
            Apple Mobile Device Support
            Apple Software Update
            Avira AntiVir Personal - Free Antivirus
            BigFix
            Bonjour
            CCleaner
            CompuServe
            Easy CD & DVD Creator 6
            eMachines Bay Reader V1.00
            Google Chrome
            HiJackThis
            Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
            Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
            Hotfix for Windows Media Format 11 SDK (KB929399)
            Hotfix for Windows Media Format 11 SDK (KB973442)
            Hotfix for Windows XP (KB2158563)
            Hotfix for Windows XP (KB932716-v2)
            Hotfix for Windows XP (KB952287)
            Hotfix for Windows XP (KB954550-v5)
            Hotfix for Windows XP (KB961118)
            Hotfix for Windows XP (KB981793)
            HP Image Zone Express
            ICQ
            iTunes
            Java Auto Updater
            Java(TM) 6 Update 23
            Learn2 Player (Uninstall Only)
            LimeWire 5.5.9
            Malwarebytes' Anti-Malware
            Microsoft .NET Framework 2.0 Service Pack 2
            Microsoft .NET Framework 3.0 Service Pack 2
            Microsoft .NET Framework 3.5 SP1
            Microsoft Application Error Reporting
            Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
            Microsoft Money 2004
            Microsoft Money 2004 System Pack
            Microsoft User-Mode Driver Framework Feature Pack 1.9
            Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
            Microsoft WinUsb 1.0
            Microsoft Works 7.0
            Multimedia Keyboard Driver
            NVIDIA nForce Drivers
            NVIDIA Windows 2000/XP Display Drivers
            Online Armor 4.0
            PowerDVD
            QuickTime
            RealPlayer Basic
            Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
            Security Update for Windows Media Player (KB2378111)
            Security Update for Windows Media Player (KB952069)
            Security Update for Windows Media Player (KB954155)
            Security Update for Windows Media Player (KB973540)
            Security Update for Windows Media Player (KB975558)
            Security Update for Windows Media Player (KB978695)
            Security Update for Windows Media Player (KB979402)
            Security Update for Windows XP (KB2079403)
            Security Update for Windows XP (KB2115168)
            Security Update for Windows XP (KB2121546)
            Security Update for Windows XP (KB2160329)
            Security Update for Windows XP (KB2183461)
            Security Update for Windows XP (KB2229593)
            Security Update for Windows XP (KB2259922)
            Security Update for Windows XP (KB2279986)
            Security Update for Windows XP (KB2286198)
            Security Update for Windows XP (KB2296011)
            Security Update for Windows XP (KB2347290)
            Security Update for Windows XP (KB2360131)
            Security Update for Windows XP (KB2360937)
            Security Update for Windows XP (KB2387149)
            Security Update for Windows XP (KB923561)
            Security Update for Windows XP (KB923789)
            Security Update for Windows XP (KB941569)
            Security Update for Windows XP (KB946648)
            Security Update for Windows XP (KB950760)
            Security Update for Windows XP (KB950762)
            Security Update for Windows XP (KB950974)
            Security Update for Windows XP (KB951376-v2)
            Security Update for Windows XP (KB951748)
            Security Update for Windows XP (KB952004)
            Security Update for Windows XP (KB952954)
            Security Update for Windows XP (KB954459)
            Security Update for Windows XP (KB955069)
            Security Update for Windows XP (KB956572)
            Security Update for Windows XP (KB956744)
            Security Update for Windows XP (KB956802)
            Security Update for Windows XP (KB956803)
            Security Update for Windows XP (KB956844)
            Security Update for Windows XP (KB958644)
            Security Update for Windows XP (KB958869)
            Security Update for Windows XP (KB959426)
            Security Update for Windows XP (KB960225)
            Security Update for Windows XP (KB960803)
            Security Update for Windows XP (KB960859)
            Security Update for Windows XP (KB961501)
            Security Update for Windows XP (KB969059)
            Security Update for Windows XP (KB970238)
            Security Update for Windows XP (KB970430)
            Security Update for Windows XP (KB971468)
            Security Update for Windows XP (KB971657)
            Security Update for Windows XP (KB971961)
            Security Update for Windows XP (KB972270)
            Security Update for Windows XP (KB973507)
            Security Update for Windows XP (KB973869)
            Security Update for Windows XP (KB973904)
            Security Update for Windows XP (KB974112)
            Security Update for Windows XP (KB974318)
            Security Update for Windows XP (KB974392)
            Security Update for Windows XP (KB974571)
            Security Update for Windows XP (KB975025)
            Security Update for Windows XP (KB975467)
            Security Update for Windows XP (KB975560)
            Security Update for Windows XP (KB975561)
            Security Update for Windows XP (KB975562)
            Security Update for Windows XP (KB975713)
            Security Update for Windows XP (KB977816)
            Security Update for Windows XP (KB977914)
            Security Update for Windows XP (KB978037)
            Security Update for Windows XP (KB978338)
            Security Update for Windows XP (KB978542)
            Security Update for Windows XP (KB978601)
            Security Update for Windows XP (KB978706)
            Security Update for Windows XP (KB979309)
            Security Update for Windows XP (KB979482)
            Security Update for Windows XP (KB979559)
            Security Update for Windows XP (KB979683)
            Security Update for Windows XP (KB979687)
            Security Update for Windows XP (KB980195)
            Security Update for Windows XP (KB980218)
            Security Update for Windows XP (KB980232)
            Security Update for Windows XP (KB980436)
            Security Update for Windows XP (KB981322)
            Security Update for Windows XP (KB981349)
            Security Update for Windows XP (KB981852)
            Security Update for Windows XP (KB981957)
            Security Update for Windows XP (KB981997)
            Security Update for Windows XP (KB982132)
            Security Update for Windows XP (KB982214)
            Security Update for Windows XP (KB982381)
            Security Update for Windows XP (KB982665)
            Security Update for Windows XP (KB982802)
            Spybot - Search & Destroy
            SpywareBlaster 4.4
            SUPERAntiSpyware
            Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
            Update for Windows XP (KB2141007)
            Update for Windows XP (KB2345886)
            Update for Windows XP (KB951978)
            Update for Windows XP (KB955759)
            Update for Windows XP (KB967715)
            Update for Windows XP (KB968389)
            Update for Windows XP (KB971737)
            Update for Windows XP (KB973687)
            Update for Windows XP (KB973815)
            Viewpoint Media Player
            WebFldrs XP
            Winamp (remove only)
            Windows Backup Utility
            Windows Media Format 11 runtime
            Windows Mobile Device Updater Component
            Windows Movie Maker 2.0
            Windows XP Service Pack 3
            Yahoo! BrowserPlus 2.9.2
            Zune
            Zune Language Pack (DEU)
            Zune Language Pack (ESP)
            Zune Language Pack (FRA)
            Zune Language Pack (ITA)
            Zune Language Pack (NLD)
            Zune Language Pack (PTB)
            Zune Language Pack (PTG)
            .
            ==== Event Viewer Messages From Past Week ========
            .
            4/28/2011 9:25:48 PM, error: Service Control Manager [7016]  - The SmartLinkService service has reported an invalid current state 0.
            4/23/2011 12:32:37 AM, error: System Error [1003]  - Error code 1000000a, parameter1 760c7d3b, parameter2 00000002, parameter3 00000000, parameter4 804eb55b.
            4/23/2011 12:31:06 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the ZuneBusEnum service.
            4/22/2011 9:09:58 PM, error: Service Control Manager [7000]  - The SASDIFSV service failed to start due to the following error:  Cannot create a file when that file already exists.
            .
            ==== End Of File ===========================

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Annoying Google Redirect
            « Reply #6 on: April 29, 2011, 01:05:19 PM »
            Congratulations, you now have the latest malware on the block.

            It's very important that you install the Recovery Console. We will need it to make the repairs.

            Please download ComboFix from BleepingComputer.com

            Alternate link: GeeksToGo.com

            and save it to your Desktop.
            It would be easiest to download using Internet Explorer.
            If you insist on using Firefox, make sure that your download settings are as follows:

            * Tools->Options->Main tab
            * Set to "Always ask me where to Save the files".

            Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
            Double click ComboFix.exe & follow the prompts.
            As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
            Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

            Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

            Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


            Click on Yes, to continue scanning for malware.
            When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

            If you have problems with ComboFix usage, see How to use ComboFix
            Windows 8 and Windows 10 dual boot with two SSD's

            Alvarezz

              Topic Starter


              Rookie

              • Experience: Beginner
              • OS: Windows XP
              Re: Annoying Google Redirect
              « Reply #7 on: May 03, 2011, 01:19:13 AM »
              ComboFix 11-05-02.04 - My Computer 05/02/2011  23:07:26.4.1 - x86
              Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.447.180 [GMT -7:00]
              Running from: c:\documents and settings\My Computer\Desktop\ComboFix.exe
              AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
              FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
              .
              .
              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              c:\documents and settings\Administrator.YOUR-PD3MH0ABGS\WINDOWS
              c:\documents and settings\Default User\WINDOWS
              c:\documents and settings\My Computer\WINDOWS
              .
              ---- Previous Run -------
              .
              c:\documents and settings\My Computer\Local Settings\Application Data\{3607BFB3-212A-4B6A-B137-72C172B48025}
              c:\documents and settings\My Computer\Local Settings\Application Data\{3607BFB3-212A-4B6A-B137-72C172B48025}\chrome\content\_cfg.js
              c:\documents and settings\My Computer\Local Settings\Application Data\{3607BFB3-212A-4B6A-B137-72C172B48025}\chrome\content\overlay.xul
              c:\documents and settings\My Computer\Local Settings\Application Data\{3607BFB3-212A-4B6A-B137-72C172B48025}\install.rdf
              C:\mydnswatch
              c:\windows\system32\config\systemprofile\WINDOWS
              .
              .
              \\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
              .
              (((((((((((((((((((((((((   Files Created from 2011-04-03 to 2011-05-03  )))))))))))))))))))))))))))))))
              .
              .
              2011-05-01 13:23 . 2011-05-01 13:23   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
              2011-04-05 12:39 . 2011-04-05 12:39   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Temp
              2011-04-05 12:39 . 2011-04-05 12:39   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
              .
              .
              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2011-03-28 20:09 . 2010-12-29 07:18   137656   ----a-w-   c:\windows\system32\drivers\avipbb.sys
              .
              .
              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4
              .
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "@OnlineArmor GUI"="c:\program files\Emsisoft\Online Armor\oaui.exe" [2010-07-07 6854984]
              "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
              "showicon2k"="c:\program files\\eM\Bay Reader\Shwicon2k.exe" [2003-07-04 135168]
              "RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-02 65536]
              "RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-24 319488]
              "nwiz"="nwiz.exe" [2003-05-02 323584]
              "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
              "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
              "CHotkey"="zHotkey.exe" [2003-06-03 496640]
              "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
              "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
              "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
              .
              c:\documents and settings\My Computer\Start Menu\Programs\Startup\
              LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-5-26 503808]
              .
              c:\documents and settings\All Users\Start Menu\Programs\Startup\
              BigFix.lnk - c:\program files\BigFix\BigFix.exe [2003-4-23 1742384]
              .
              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
              "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-07 924488]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\documents and settings\My Computer\Desktop\SASSEH.DLL" [2008-05-13 77824]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
              2009-09-03 22:21   548352   ----a-w-   c:\documents and settings\My Computer\Desktop\SASWINLO.DLL
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
              @="Driver"
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
              @="Service"
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
              HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\security center]
              "AntiVirusOverride"=dword:00000001
              .
              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
              "EnableFirewall"= 0 (0x0)
              .
              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "%windir%\\system32\\sessmgr.exe"=
              "c:\\Program Files\\LimeWire\\LimeWire.exe"=
              "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
              "c:\\Program Files\\iTunes\\iTunes.exe"=
              .
              R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [12/28/2010 10:13 PM 236104]
              R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [12/28/2010 10:13 PM 22600]
              R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [12/28/2010 10:13 PM 28232]
              R1 SASDIFSV;SASDIFSV;c:\documents and settings\My Computer\Desktop\sasdifsv.sys [2/17/2010 11:25 AM 12872]
              R1 SASKUTIL;SASKUTIL;c:\documents and settings\My Computer\Desktop\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
              R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/29/2010 12:18 AM 135336]
              R2 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\oacat.exe [12/28/2010 10:13 PM 1283400]
              R2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [12/28/2010 10:13 PM 3364680]
              S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 1:19 PM 268528]
              .
              --- Other Services/Drivers In Memory ---
              .
              *NewlyCreated* - RSVP
              .
              Contents of the 'Scheduled Tasks' folder
              .
              2011-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
              - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
              .
              2011-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3416578812-2000117343-1721848206-1005Core.job
              - c:\documents and settings\My Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-16 03:51]
              .
              2011-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3416578812-2000117343-1721848206-1005UA.job
              - c:\documents and settings\My Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-16 03:51]
              .
              .
              ------- Supplementary Scan -------
              .
              uStart Page = facebook.com
              uInternet Connection Wizard,ShellNext = iexplore
              uInternet Settings,ProxyOverride = ;*.local;<local>
              .
              .
              **************************************************************************
              .
              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2011-05-02 23:22
              Windows 5.1.2600 Service Pack 3 NTFS
              .
              scanning hidden processes ... 
              .
              scanning hidden autostart entries ...
              .
              scanning hidden files ... 
              .
              scan completed successfully
              hidden files: 0
              .
              **************************************************************************
              .
              --------------------- LOCKED REGISTRY KEYS ---------------------
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
              "Enabled"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
              @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker4"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"
              .
              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"
              .
              --------------------- DLLs Loaded Under Running Processes ---------------------
              .
              - - - - - - - > 'winlogon.exe'(452)
              c:\documents and settings\My Computer\Desktop\SASWINLO.DLL
              .
              - - - - - - - > 'explorer.exe'(3836)
              c:\program files\Emsisoft\Online Armor\OAwatch.dll
              c:\windows\system32\WPDShServiceObj.dll
              c:\windows\system32\PortableDeviceTypes.dll
              c:\windows\system32\PortableDeviceApi.dll
              .
              Completion time: 2011-05-02  23:26:37
              ComboFix-quarantined-files.txt  2011-05-03 06:26
              .
              Pre-Run: 135,839,006,720 bytes free
              Post-Run: 136,443,482,112 bytes free
              .
              - - End Of File - - E9CD61868BBB5276D010EABBBA691899

              SuperDave

              Re: Annoying Google Redirect
              « Reply #8 on: May 03, 2011, 11:56:28 AM »
              I'm assuming that you installed the Recovery Console. If you didn't install it, this won't work.

              Earlier on, ComboFix installed the Recovery Console. We're going to use that now.

              Reboot your machine and when the Boot Menu flashes up - select "Microsoft Windows Recovery Console"
              (you need to be very fast with the arrow key as you only have a couple of seconds before it defaults to the Windows XP bootup)





              When you get to the above screen, take note of the number that references your operating system.

              If it's '1' like the picture above, type 1 and press Enter



              Next type FIXMBR

              If it asks if you're sure you want to write a new MBR, answer 'Y'

              Then type EXIT to reboot the machine.

              With that done, please post back and let me know how things are now. Also, please run another scan with DDS and post the logs.
              Windows 8 and Windows 10 dual boot with two SSD's
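The FIXMBR step above rewrites the master boot code in sector 0, so a useful check is to compare a copy of that sector saved before the fix with one saved after it. The script below is an added example, not part of the original post: it assumes the classic 512-byte MBR layout (boot code in bytes 0-439, NT disk signature at 440, four 16-byte partition entries at 446, 0x55AA at 510), and every sector image in it is constructed placeholder data, not real boot code.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_END = 440        # boot code occupies bytes 0..439
DISK_SIG_OFF = 440    # 4-byte NT disk signature
TABLE_OFF = 446       # four 16-byte partition entries
BOOT_SIG_OFF = 510    # 0x55 0xAA marks a valid boot sector
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte sector 0 image into its MBR fields."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes, got %d" % len(sector))
    partitions = []
    for slot in range(4):
        off = TABLE_OFF + 16 * slot
        status, ptype, lba_start, count = struct.unpack_from(ENTRY_FMT, sector, off)
        if ptype == 0:  # type 0 means the slot is unused
            continue
        partitions.append({
            "slot": slot,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "boot_signature_ok": sector[BOOT_SIG_OFF:] == b"\x55\xaa",
    }


def compare_sector0(before: bytes, after: bytes) -> dict:
    """Report what changed between two sector 0 images.

    After a boot-code rewrite the code hash should differ while the
    partition table and disk signature stay the same; anything else
    is listed in 'findings' for follow-up.
    """
    b, a = parse_mbr(before), parse_mbr(after)
    findings = []
    if not a["boot_signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if before[TABLE_OFF:BOOT_SIG_OFF] != after[TABLE_OFF:BOOT_SIG_OFF]:
        findings.append("partition table changed")
    if b["disk_signature"] != a["disk_signature"]:
        findings.append("disk signature changed")
    if sum(p["active"] for p in a["partitions"]) != 1:
        findings.append("expected exactly one active partition")
    return {
        "boot_code_replaced": b["boot_code_sha256"] != a["boot_code_sha256"],
        "findings": findings,
        "partitions": a["partitions"],
    }


def build_sample(code: bytes, disk_sig: int, entries: list) -> bytes:
    """Build a constructed sector 0 image for the demonstration."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for slot, (status, ptype, lba_start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFF + 16 * slot,
                         status, ptype, lba_start, count)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


# Constructed samples: one active NTFS (type 0x07) partition, placeholder code bytes.
NTFS_ENTRY = (0x80, 0x07, 63, 312480000)
BEFORE = build_sample(b"OLD-BOOT-CODE-PLACEHOLDER", 0x1234ABCD, [NTFS_ENTRY])
AFTER = build_sample(b"NEW-BOOT-CODE-PLACEHOLDER", 0x1234ABCD, [NTFS_ENTRY])
# Same rewrite, but the partition start was also altered: this should be flagged.
TAMPERED = build_sample(b"NEW-BOOT-CODE-PLACEHOLDER", 0x1234ABCD,
                        [(0x80, 0x07, 2048, 312480000)])

if __name__ == "__main__":
    for label, image in (("after fix", AFTER), ("tampered", TAMPERED)):
        result = compare_sector0(BEFORE, image)
        print(label, "boot code replaced:", result["boot_code_replaced"],
              "findings:", result["findings"] or "none")
```
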

              Alvarezz

                Re: Annoying Google Redirect
                « Reply #9 on: May 03, 2011, 09:38:17 PM »
                Ok. I followed the directions for using the recovery console. Everything seems fine, but the desktop takes a while (about 5 minutes) to load.

                DDS Notepad

                .
                DDS (Ver_11-03-05.01) - NTFSx86 
                Run by My Computer at 20:20:11.78 on Tue 05/03/2011
                Internet Explorer: 6.0.2900.5512
                Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.447.91 [GMT -7:00]
                .
                AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
                FW: Online Armor Firewall *Enabled*
                .
                ============== Running Processes ===============
                .
                C:\WINDOWS\system32\svchost.exe -k DcomLaunch
                svchost.exe
                C:\WINDOWS\System32\svchost.exe -k netsvcs
                C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
                svchost.exe
                svchost.exe
                C:\Program Files\Emsisoft\Online Armor\OAcat.exe
                C:\Program Files\Emsisoft\Online Armor\oasrv.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Avira\AntiVir Desktop\sched.exe
                svchost.exe
                C:\Program Files\Avira\AntiVir Desktop\avguard.exe
                C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                C:\Program Files\Bonjour\mDNSResponder.exe
                C:\Program Files\Java\jre6\bin\jqs.exe
                C:\WINDOWS\System32\nvsvc32.exe
                C:\WINDOWS\system32\HPZipm12.exe
                C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
                C:\WINDOWS\System32\MsPMSPSv.exe
                c:\WINDOWS\system32\ZuneBusEnum.exe
                C:\WINDOWS\explorer.exe
                C:\WINDOWS\System32\svchost.exe -k HTTPFilter
                C:\WINDOWS\system32\wuauclt.exe
                C:\Documents and Settings\My Computer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                C:\Documents and Settings\My Computer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                C:\Documents and Settings\My Computer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                C:\Documents and Settings\My Computer\Desktop\dds.scr
                .
                ============== Pseudo HJT Report ===============
                .
                uStart Page = facebook.com
                uInternet Connection Wizard,ShellNext = iexplore
                uInternet Settings,ProxyOverride = ;*.local;<local>
                BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
                BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
                BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
                BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
                BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
                uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
                mRun: [@OnlineArmor GUI] "c:\program files\emsisoft\online armor\oaui.exe"
                mRun: [showicon2k] c:\program files\\em\bay reader\Shwicon2k.exe
                mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
                mRun: [RoxioAudioCentral] "c:\program files\roxio\easy cd creator 6\audiocentral\RxMon.exe"
                mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
                mRun: [CHotkey] zHotkey.exe
                mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
                mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
                mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
                StartupFolder: c:\docume~1\mycomp~1\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
                StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
                IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
                IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
                IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
                IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
                DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
                DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
                DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
                DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
                Notify: !SASWinLogon - c:\documents and settings\my computer\desktop\SASWINLO.DLL
                SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
                SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\emsisoft\online~1\oaevent.dll
                SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\documents and settings\my computer\desktop\SASSEH.DLL
                Hosts: 127.0.0.1   www.spywareinfo.com
                .
                ============= SERVICES / DRIVERS ===============
                .
                R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-29 11608]
                R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-12-28 236104]
                R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-12-28 22600]
                R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-12-28 28232]
                R1 SASDIFSV;SASDIFSV;c:\documents and settings\my computer\desktop\sasdifsv.sys [2010-2-17 12872]
                R1 SASKUTIL;SASKUTIL;c:\documents and settings\my computer\desktop\SASKUTIL.SYS [2010-5-10 67656]
                R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-29 135336]
                R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-29 269480]
                R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-29 61960]
                R2 OAcat;Online Armor Helper Service;c:\program files\emsisoft\online armor\oacat.exe [2010-12-28 1283400]
                R2 SvcOnlineArmor;Online Armor;c:\program files\emsisoft\online armor\oasrv.exe [2010-12-28 3364680]
                S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
                .
                =============== Created Last 30 ================
                .
                2011-05-03 12:43:30   45568   -c----w-   c:\windows\system32\dllcache\wab.exe
                2011-05-03 12:42:44   40960   -c----w-   c:\windows\system32\dllcache\ndproxy.sys
                2011-05-03 00:24:39   98816   ----a-w-   c:\windows\sed.exe
                2011-05-03 00:24:39   89088   ----a-w-   c:\windows\MBR.exe
                2011-05-03 00:24:39   256512   ----a-w-   c:\windows\PEV.exe
                2011-05-03 00:24:39   161792   ----a-w-   c:\windows\SWREG.exe
                .
                ==================== Find3M  ====================
                .
                2011-03-07 05:33:50   692736   ----a-w-   c:\windows\system32\inetcomm.dll
                2011-03-04 06:45:07   434176   ----a-w-   c:\windows\system32\vbscript.dll
                2011-03-03 13:21:11   1857920   ----a-w-   c:\windows\system32\win32k.sys
                2011-02-17 13:51:57   81920   ------w-   c:\windows\system32\ieencode.dll
                2011-02-17 13:51:57   667136   ----a-w-   c:\windows\system32\wininet.dll
                2011-02-17 13:51:57   61952   ----a-w-   c:\windows\system32\tdc.ocx
                2011-02-17 12:37:38   369664   ------w-   c:\windows\system32\html.iec
                2011-02-17 12:32:12   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
                2011-02-15 12:56:39   290432   ----a-w-   c:\windows\system32\atmfd.dll
                2011-02-09 13:53:52   270848   ----a-w-   c:\windows\system32\sbe.dll
                2011-02-09 13:53:52   186880   ----a-w-   c:\windows\system32\encdec.dll
                2011-02-08 13:33:55   978944   ----a-w-   c:\windows\system32\mfc42.dll
                2011-02-08 13:33:55   974848   ----a-w-   c:\windows\system32\mfc42u.dll
                .
                ============= FINISH: 20:21:52.34 ===============

                Alvarezz

                  Re: Annoying Google Redirect
                  « Reply #10 on: May 03, 2011, 09:39:02 PM »
                  Attach Notepad

                  .
                  UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
                  IF REQUESTED, ZIP IT UP & ATTACH IT
                  .
                  DDS (Ver_11-03-05.01)
                  .
                  Microsoft Windows XP Home Edition
                  Boot Device: \Device\HarddiskVolume1
                  Install Date: 6/14/2010 7:19:26 PM
                  System Uptime: 5/3/2011 6:57:17 PM (2 hours ago)
                  .
                  Motherboard: First International Computer, Inc. |  | AU31
                  Processor: AMD Athlon(tm) XP 3200+ | Socket A | 2204/200mhz
                  .
                  ==== Disk Partitions =========================
                  .
                  A: is Removable
                  C: is FIXED (NTFS) - 149 GiB total, 126.414 GiB free.
                  D: is CDROM ()
                  E: is Removable
                  F: is Removable
                  G: is Removable
                  H: is CDROM ()
                  I: is Removable
                  .
                  ==== Disabled Device Manager Items =============
                  .
                  ==== System Restore Points ===================
                  .
                  RP1: 3/13/2011 4:09:44 PM - System Checkpoint
                  RP2: 3/27/2011 4:52:53 AM - System Checkpoint
                  RP3: 3/28/2011 5:24:02 AM - System Checkpoint
                  RP4: 4/5/2011 3:11:18 AM - System Checkpoint
                  RP5: 4/7/2011 10:53:42 AM - System Checkpoint
                  RP6: 4/8/2011 12:19:44 PM - System Checkpoint
                  RP7: 4/9/2011 12:25:50 PM - System Checkpoint
                  RP8: 4/10/2011 1:23:56 PM - System Checkpoint
                  RP9: 4/11/2011 2:23:07 PM - System Checkpoint
                  RP10: 4/12/2011 3:23:09 PM - System Checkpoint
                  RP11: 4/13/2011 4:23:14 PM - System Checkpoint
                  RP12: 4/14/2011 5:23:13 PM - System Checkpoint
                  RP13: 4/15/2011 6:17:32 PM - System Checkpoint
                  RP14: 4/19/2011 11:06:49 PM - System Checkpoint
                  RP15: 4/20/2011 7:07:35 PM - Removed Norton WMI Update
                  RP16: 4/22/2011 10:57:24 PM - System Checkpoint
                  RP17: 4/23/2011 11:19:23 PM - System Checkpoint
                  RP18: 4/28/2011 8:49:02 PM - System Checkpoint
                  RP19: 4/29/2011 9:24:24 PM - System Checkpoint
                  RP20: 5/2/2011 12:08:18 AM - System Checkpoint
                  RP21: 5/3/2011 3:00:26 AM - Software Distribution Service 3.0
                  RP22: 5/3/2011 6:22:58 PM - Software Distribution Service 3.0
                  .
                  ==== Installed Programs ======================
                  .
                  56Kbps Internal Modem
                  Adobe Acrobat 5.0
                  Adobe Flash Player 10 ActiveX
                  Adobe Flash Player 10 Plugin
                  Adobe Reader X
                  Apple Application Support
                  Apple Mobile Device Support
                  Apple Software Update
                  Avira AntiVir Personal - Free Antivirus
                  BigFix
                  Bonjour
                  CCleaner
                  CompuServe
                  Easy CD & DVD Creator 6
                  eMachines Bay Reader V1.00
                  Google Chrome
                  HiJackThis
                  Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
                  Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
                  Hotfix for Windows Media Format 11 SDK (KB929399)
                  Hotfix for Windows Media Format 11 SDK (KB973442)
                  Hotfix for Windows XP (KB2158563)
                  Hotfix for Windows XP (KB2443685)
                  Hotfix for Windows XP (KB932716-v2)
                  Hotfix for Windows XP (KB952287)
                  Hotfix for Windows XP (KB954550-v5)
                  Hotfix for Windows XP (KB961118)
                  Hotfix for Windows XP (KB981793)
                  HP Image Zone Express
                  ICQ
                  iTunes
                  Java Auto Updater
                  Java(TM) 6 Update 23
                  Learn2 Player (Uninstall Only)
                  LimeWire 5.5.9
                  Malwarebytes' Anti-Malware
                  Microsoft .NET Framework 2.0 Service Pack 2
                  Microsoft .NET Framework 3.0 Service Pack 2
                  Microsoft .NET Framework 3.5 SP1
                  Microsoft Application Error Reporting
                  Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
                  Microsoft Money 2004
                  Microsoft Money 2004 System Pack
                  Microsoft User-Mode Driver Framework Feature Pack 1.9
                  Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
                  Microsoft WinUsb 1.0
                  Microsoft Works 7.0
                  Multimedia Keyboard Driver
                  NVIDIA nForce Drivers
                  NVIDIA Windows 2000/XP Display Drivers
                  Online Armor 4.0
                  PowerDVD
                  QuickTime
                  RealPlayer Basic
                  Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
                  Security Update for Windows Media Player (KB2378111)
                  Security Update for Windows Media Player (KB952069)
                  Security Update for Windows Media Player (KB954155)
                  Security Update for Windows Media Player (KB973540)
                  Security Update for Windows Media Player (KB975558)
                  Security Update for Windows Media Player (KB978695)
                  Security Update for Windows Media Player (KB979402)
                  Security Update for Windows XP (KB2079403)
                  Security Update for Windows XP (KB2115168)
                  Security Update for Windows XP (KB2121546)
                  Security Update for Windows XP (KB2160329)
                  Security Update for Windows XP (KB2183461)
                  Security Update for Windows XP (KB2229593)
                  Security Update for Windows XP (KB2259922)
                  Security Update for Windows XP (KB2279986)
                  Security Update for Windows XP (KB2286198)
                  Security Update for Windows XP (KB2296011)
                  Security Update for Windows XP (KB2347290)
                  Security Update for Windows XP (KB2360131)
                  Security Update for Windows XP (KB2360937)
                  Security Update for Windows XP (KB2387149)
                  Security Update for Windows XP (KB2393802)
                  Security Update for Windows XP (KB2412687)
                  Security Update for Windows XP (KB2419632)
                  Security Update for Windows XP (KB2423089)
                  Security Update for Windows XP (KB2440591)
                  Security Update for Windows XP (KB2443105)
                  Security Update for Windows XP (KB2476687)
                  Security Update for Windows XP (KB2478960)
                  Security Update for Windows XP (KB2478971)
                  Security Update for Windows XP (KB2479943)
                  Security Update for Windows XP (KB2481109)
                  Security Update for Windows XP (KB2483185)
                  Security Update for Windows XP (KB2485663)
                  Security Update for Windows XP (KB2497640)
                  Security Update for Windows XP (KB2503658)
                  Security Update for Windows XP (KB2506212)
                  Security Update for Windows XP (KB2506223)
                  Security Update for Windows XP (KB2507618)
                  Security Update for Windows XP (KB2508272)
                  Security Update for Windows XP (KB2508429)
                  Security Update for Windows XP (KB2509553)
                  Security Update for Windows XP (KB2510581)
                  Security Update for Windows XP (KB2511455)
                  Security Update for Windows XP (KB2524375)
                  Security Update for Windows XP (KB923561)
                  Security Update for Windows XP (KB923789)
                  Security Update for Windows XP (KB941569)
                  Security Update for Windows XP (KB946648)
                  Security Update for Windows XP (KB950760)
                  Security Update for Windows XP (KB950762)
                  Security Update for Windows XP (KB950974)
                  Security Update for Windows XP (KB951376-v2)
                  Security Update for Windows XP (KB951748)
                  Security Update for Windows XP (KB952004)
                  Security Update for Windows XP (KB952954)
                  Security Update for Windows XP (KB954459)
                  Security Update for Windows XP (KB955069)
                  Security Update for Windows XP (KB956572)
                  Security Update for Windows XP (KB956744)
                  Security Update for Windows XP (KB956802)
                  Security Update for Windows XP (KB956803)
                  Security Update for Windows XP (KB956844)
                  Security Update for Windows XP (KB958644)
                  Security Update for Windows XP (KB958869)
                  Security Update for Windows XP (KB959426)
                  Security Update for Windows XP (KB960225)
                  Security Update for Windows XP (KB960803)
                  Security Update for Windows XP (KB960859)
                  Security Update for Windows XP (KB961501)
                  Security Update for Windows XP (KB969059)
                  Security Update for Windows XP (KB970238)
                  Security Update for Windows XP (KB970430)
                  Security Update for Windows XP (KB971468)
                  Security Update for Windows XP (KB971657)
                  Security Update for Windows XP (KB971961)
                  Security Update for Windows XP (KB972270)
                  Security Update for Windows XP (KB973507)
                  Security Update for Windows XP (KB973869)
                  Security Update for Windows XP (KB973904)
                  Security Update for Windows XP (KB974112)
                  Security Update for Windows XP (KB974318)
                  Security Update for Windows XP (KB974392)
                  Security Update for Windows XP (KB974571)
                  Security Update for Windows XP (KB975025)
                  Security Update for Windows XP (KB975467)
                  Security Update for Windows XP (KB975560)
                  Security Update for Windows XP (KB975561)
                  Security Update for Windows XP (KB975562)
                  Security Update for Windows XP (KB975713)
                  Security Update for Windows XP (KB977816)
                  Security Update for Windows XP (KB977914)
                  Security Update for Windows XP (KB978037)
                  Security Update for Windows XP (KB978338)
                  Security Update for Windows XP (KB978542)
                  Security Update for Windows XP (KB978601)
                  Security Update for Windows XP (KB978706)
                  Security Update for Windows XP (KB979309)
                  Security Update for Windows XP (KB979482)
                  Security Update for Windows XP (KB979559)
                  Security Update for Windows XP (KB979683)
                  Security Update for Windows XP (KB979687)
                  Security Update for Windows XP (KB980195)
                  Security Update for Windows XP (KB980218)
                  Security Update for Windows XP (KB980232)
                  Security Update for Windows XP (KB980436)
                  Security Update for Windows XP (KB981322)
                  Security Update for Windows XP (KB981349)
                  Security Update for Windows XP (KB981852)
                  Security Update for Windows XP (KB981957)
                  Security Update for Windows XP (KB981997)
                  Security Update for Windows XP (KB982132)
                  Security Update for Windows XP (KB982214)
                  Security Update for Windows XP (KB982381)
                  Security Update for Windows XP (KB982665)
                  Security Update for Windows XP (KB982802)
                  Spybot - Search & Destroy
                  SpywareBlaster 4.4
                  SUPERAntiSpyware
                  Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
                  Update for Windows XP (KB2141007)
                  Update for Windows XP (KB2345886)
                  Update for Windows XP (KB951978)
                  Update for Windows XP (KB955759)
                  Update for Windows XP (KB967715)
                  Update for Windows XP (KB968389)
                  Update for Windows XP (KB971029)
                  Update for Windows XP (KB971737)
                  Update for Windows XP (KB973687)
                  Update for Windows XP (KB973815)
                  Viewpoint Media Player
                  WebFldrs XP
                  Winamp (remove only)
                  Windows Backup Utility
                  Windows Media Format 11 runtime
                  Windows Mobile Device Updater Component
                  Windows Movie Maker 2.0
                  Windows XP Service Pack 3
                  Yahoo! BrowserPlus 2.9.2
                  Zune
                  Zune Language Pack (DEU)
                  Zune Language Pack (ESP)
                  Zune Language Pack (FRA)
                  Zune Language Pack (ITA)
                  Zune Language Pack (NLD)
                  Zune Language Pack (PTB)
                  Zune Language Pack (PTG)
                  .
                  ==== Event Viewer Messages From Past Week ========
                  .
                  5/3/2011 6:33:44 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdK7 avgio avipbb Fips OADevice SASDIFSV SASKUTIL ssmdrv
                  5/3/2011 6:32:27 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
                  5/2/2011 10:08:52 AM, error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for ImagePath with the following error:  Access is denied.
                  4/29/2011 7:36:37 AM, error: Service Control Manager [7034]  - The Online Armor service terminated unexpectedly.  It has done this 1 time(s).
                  4/29/2011 2:48:36 PM, error: Service Control Manager [7034]  - The Online Armor service terminated unexpectedly.  It has done this 2 time(s).
                  4/28/2011 9:25:48 PM, error: Service Control Manager [7016]  - The SmartLinkService service has reported an invalid current state 0.
                  .
                  ==== End Of File ===========================

                  SuperDave

                  Re: Annoying Google Redirect
                  « Reply #11 on: May 04, 2011, 11:54:12 AM »
                  Good. We'll have a look at that slow startup when we're finished with the cleaning.

                  • Download TDSSKiller and save it to your Desktop.
                  • Extract its contents to your desktop.
                  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
                  • If an infected file is detected, the default action will be Cure, click on Continue.
                  • If a suspicious file is detected, the default action will be Skip, click on Continue.
                  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
                  • Click the Report button and copy/paste the contents of it into your next reply.
                  Note: It will also create a log in the C:\ directory.

                  Alvarezz

                    Re: Annoying Google Redirect
                    « Reply #12 on: May 08, 2011, 11:03:58 PM »
                    2011/05/08 22:01:40.0058 3028   TDSS rootkit removing tool 2.5.0.0 May  1 2011 14:20:16
                    2011/05/08 22:01:40.0823 3028   ================================================================================
                    2011/05/08 22:01:40.0823 3028   SystemInfo:
                    2011/05/08 22:01:40.0823 3028   
                    2011/05/08 22:01:40.0823 3028   OS Version: 5.1.2600 ServicePack: 3.0
                    2011/05/08 22:01:40.0823 3028   Product type: Workstation
                    2011/05/08 22:01:40.0823 3028   ComputerName: GARBAGEPC
                    2011/05/08 22:01:40.0823 3028   UserName: My Computer
                    2011/05/08 22:01:40.0823 3028   Windows directory: C:\WINDOWS
                    2011/05/08 22:01:40.0823 3028   System windows directory: C:\WINDOWS
                    2011/05/08 22:01:40.0823 3028   Processor architecture: Intel x86
                    2011/05/08 22:01:40.0823 3028   Number of processors: 1
                    2011/05/08 22:01:40.0823 3028   Page size: 0x1000
                    2011/05/08 22:01:40.0823 3028   Boot type: Normal boot
                    2011/05/08 22:01:40.0823 3028   ================================================================================
                    2011/05/08 22:01:41.0245 3028   Initialize success
                    2011/05/08 22:02:04.0511 1976   ================================================================================
                    2011/05/08 22:02:04.0511 1976   Scan started
                    2011/05/08 22:02:04.0511 1976   Mode: Manual;
                    2011/05/08 22:02:04.0511 1976   ================================================================================
                    2011/05/08 22:02:18.0792 1976   ================================================================================
                    2011/05/08 22:02:18.0792 1976   Scan finished
                    2011/05/08 22:02:18.0792 1976   ================================================================================
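
TDSSKiller reports like the one in this reply record each driver as `timestamp thread-id name (md5) path`, which can be read against the Service Control Manager 7026 entry in the Event Viewer excerpt posted earlier. The Python below is an added example, not part of the thread or of TDSSKiller: it lists drivers whose image sits outside `system32\drivers` or that a 7026 event names as failed to load. The sample lines are constructed (placeholder hashes) and the function names are this example's own.

```python
import ntpath  # Windows path semantics, so this runs on any host OS
import re
from collections import namedtuple

Driver = namedtuple("Driver", "name md5 path")

# One report line: date, time, thread id, service name, (MD5), image path.
DRIVER_LINE = re.compile(
    r"^\S+\s+\S+\s+\d+\s+(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")
# Service Control Manager event 7026 ends with a space-separated name list.
EVENT_7026 = re.compile(r"\[7026\].*failed to load:\s*(.+)$")

# Constructed sample in the report's line format. The MD5 values are
# placeholders, not hashes of real files.
SAMPLE_REPORT = r"""
2011/05/08 22:02:04.0511 1976   Scan started
2011/05/08 22:02:05.0448 1976   AmdK7           (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/05/08 22:02:06.0152 1976   avgio           (00000000000000000000000000000002) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/05/08 22:02:06.0323 1976   Beep            (00000000000000000000000000000003) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/08 22:02:15.0152 1976   SASDIFSV        (00000000000000000000000000000004) C:\Documents and Settings\My Computer\Desktop\SASDIFSV.SYS
2011/05/08 22:02:18.0792 1976   Scan finished
"""

# Constructed event line in the format of the Event Viewer excerpt.
SAMPLE_EVENT = (
    "5/3/2011 6:33:44 PM, error: Service Control Manager [7026]  - "
    "The following boot-start or system-start driver(s) failed to load:  "
    "AmdK7 avgio SASDIFSV"
)


def parse_drivers(report):
    """Return a Driver tuple for every line that carries name, MD5 and path."""
    drivers = []
    for line in report.splitlines():
        match = DRIVER_LINE.match(line.strip())
        if match:  # header, separator and status lines do not match
            name, md5, path = match.groups()
            drivers.append(Driver(name, md5.lower(), path.strip()))
    return drivers


def outside_driver_dir(driver, windir=r"C:\WINDOWS"):
    """True when the image is not directly in <windir>\\system32\\drivers."""
    expected = ntpath.normcase(ntpath.join(windir, "system32", "drivers"))
    return ntpath.normcase(ntpath.dirname(driver.path)) != expected


def failed_to_load(event_text):
    """Collect the driver names listed by 7026 events in the given text."""
    names = set()
    for line in event_text.splitlines():
        match = EVENT_7026.search(line)
        if match:
            names.update(match.group(1).split())
    return names


def triage(report, event_text, windir=r"C:\WINDOWS"):
    """Return (name, path, reasons) for drivers that deserve a second look.

    Neither reason proves infection: security tools often keep drivers in
    their own folders, as the Avira path in the sample shows.
    """
    failed = {name.lower() for name in failed_to_load(event_text)}
    findings = []
    for driver in parse_drivers(report):
        reasons = []
        if outside_driver_dir(driver, windir):
            reasons.append("image outside system32\\drivers")
        if driver.name.lower() in failed:  # service names ignore case
            reasons.append("failed to load at boot")
        if reasons:
            findings.append((driver.name, driver.path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_REPORT, SAMPLE_EVENT):
        print(f"{name:<10} {path}  [{'; '.join(reasons)}]")
```
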

                    SuperDave

                    Re: Annoying Google Redirect
                    « Reply #13 on: May 09, 2011, 04:37:08 PM »
                    P2P - I see you have P2P software installed on your machine (LimeWire 5.5.9). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

                    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

                    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
                    *************************************************
                    You have Viewpoint installed.

                    Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

                    More information:

                    * ViewMgr.exe - Useless
                    * Viewpoint to Plunge Into Adware

                    It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

                    * Viewpoint
                    * Viewpoint Manager
                    * Viewpoint Media Player
                    * Viewpoint Toolbar
                    * Viewpoint Experience Technology

                    *******************************************
                    Download Security Check by screen317 from one of the following links and save it to your desktop.

                    Link 1
                    Link 2

                    * Unzip SecurityCheck.zip and a folder named Security Check should appear.
                    * Open the Security Check folder and double-click Security Check.bat
                    * Follow the on-screen instructions inside of the black box.
                    * A Notepad document should open automatically called checkup.txt
                    * Post the contents of that document in your next reply.

                    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

                    Alvarezz

                      Re: Annoying Google Redirect
                      « Reply #14 on: May 09, 2011, 07:06:35 PM »
                       Results of screen317's Security Check version 0.99.10 
                       Windows XP Service Pack 3 
                       Internet Explorer 6 Out of date!
                      ``````````````````````````````
                      Antivirus/Firewall Check:

                       Windows Firewall Disabled! 
                       Avira AntiVir Personal - Free Antivirus
                       Online Armor 4.0   
                       Avira successfully updated!
                      ```````````````````````````````
                      Anti-malware/Other Utilities Check:

                       MVPS Hosts File 
                       Malwarebytes' Anti-Malware   
                       CCleaner     
                       Java(TM) 6 Update 23 
                       Out of date Java installed!
                       Adobe Flash Player    10.1.102.64 
                      Adobe Reader X
                      ````````````````````````````````
                      Process Check: 
                      objlist.exe by Laurent

                       Avira Antivir avguard.exe
                       Tall Emu Online Armor OAcat.exe
                       Tall Emu Online Armor oasrv.exe
                      ``````````End of Log````````````

                      SuperDave

                      Re: Annoying Google Redirect
                      « Reply #15 on: May 10, 2011, 01:17:07 PM »
                      Are you still getting the Google re-directs?

                      Update Your Java (JRE)

                      Old versions of Java have vulnerabilities that malware can use to infect your system.


                      First Verify your Java Version

                      If there are any other version(s) installed then update now.

                      Get the new version (if needed)

                      If your version is out of date install the newest version of the Sun Java Runtime Environment.

                      Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

                      Be sure to close ALL open web browsers before starting the installation.

                      Remove any old versions

                      1. Download JavaRa and unzip the file to your Desktop.
                      2. Open JavaRA.exe and choose Remove Older Versions
                      3. Once complete exit JavaRA.

                      Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
                      *************************************************
                      I'd like to scan your machine with ESET OnlineScan

                      • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                        ESET OnlineScan
                      • Click the button.
                      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                        • Click on to download the ESET Smart Installer. Save it to your desktop.
                        • Double click on the icon on your desktop.
                      • Check
                      • Click the button.
                      • Accept any security warnings from your browser.
                      • Check
                      • Push the Start button.
                      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                      • When the scan completes, push
                      • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                      • Push the button.
                      • Push
                      A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                      Windows 8 and Windows 10 dual boot with two SSD's

                      Alvarezz

                        Topic Starter


                        Rookie

                        • Experience: Beginner
                        • OS: Windows XP
                        Re: Annoying Google Redirect
                        « Reply #16 on: May 16, 2011, 11:41:48 PM »
                        No Google re-directs so far.
                        I installed the newest version of Java.
                        The ESET scanner did not find any threats

                        SuperDave

                        • Malware Removal Specialist


                        • Genius
                        • Thanked: 1020
                        • Certifications: List
                        • Experience: Expert
                        • OS: Windows 10
                        Re: Annoying Google Redirect
                        « Reply #17 on: May 17, 2011, 11:59:37 AM »
                        Good. Let's do some cleanup.
                        You can try this to fix the slow startup. How much time are we talking about?


                        StartupLite

                        Download StartupLite by MalwareBytes to your Desktop.
                        Double-click StartupLite.exe to launch the program.
                        Ensure the Disable box is checked.
                        Click Continue.
                        A pop up message will tell you the unnecessary startup items in your list have been disabled and ask you to restart your computer.
                        Re-start your computer.

                        ****************************************************
                        To uninstall ComboFix

                        • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                        • In the field, type in ComboFix /uninstall


                        (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                        • Then, press Enter, or click OK.
                        • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                        *****************************************************
                        Clean out your temporary internet files and temp files.

                        Download TFC by OldTimer to your desktop.

                        Double-click TFC.exe to run it.

                        Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                        TFC will close all programs when run, so make sure you have saved all your work before you begin.

                        * Click the Start button to begin the cleaning process.
                        * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                        * Please let TFC run uninterrupted until it is finished.

                        Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                        *******************************************************
                        Use the Secunia Software Inspector to check for out of date software.

                        •Click Start Now

                        •Check the box next to Enable thorough system inspection.

                        •Click Start

                        •Allow the scan to finish and scroll down to see if any updates are needed.
                        •Update anything listed.
                        ----------

                        Go to Microsoft Windows Update and get all critical updates.

                        ----------

                        I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                        SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                        * Using SpywareBlaster to protect your computer from Spyware and Malware
                        * If you don't know what ActiveX controls are, see here

                        Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                        Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                        Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                        Safe Surfing!

                        Alvarezz

                          Topic Starter


                          Rookie

                          • Experience: Beginner
                          • OS: Windows XP
                          Re: Annoying Google Redirect
                          « Reply #18 on: May 22, 2011, 08:50:09 PM »
                          I'm having trouble uninstalling ComboFix. I need to deactivate my antivirus, but my desktop (along with the taskbar and start button) is not showing up. It would usually show up in about three minutes, but recently it's just stopped appearing.

                          SuperDave

                          • Malware Removal Specialist


                          • Genius
                          • Thanked: 1020
                          • Certifications: List
                          • Experience: Expert
                          • OS: Windows 10
                          Re: Annoying Google Redirect
                          « Reply #19 on: May 23, 2011, 11:42:12 AM »
                          Quote
                          I'm having trouble uninstalling ComboFix. I need to deactivate my antivirus
                          You don't have to disable your AV to remove ComboFix.

                          Quote
                          but my desktop (along with the taskbar and start button) is not showing up. It would usually show up in about three minutes, but recently it's just stopped appearing.
                          Did this just start to happen recently or has it been doing it all along?

                          Alvarezz

                            Topic Starter


                            Rookie

                            • Experience: Beginner
                            • OS: Windows XP
                            Re: Annoying Google Redirect
                            « Reply #20 on: May 23, 2011, 06:29:07 PM »
                            Ok I ran all the programs and uninstalled ComboFix.

                            Quote
                            Did this just start to happen recently or has it been doing it all along?
                              It has been happening all along.
                            « Last Edit: May 23, 2011, 06:40:28 PM by Alvarezz »

                            SuperDave

                            • Malware Removal Specialist


                            • Genius
                            • Thanked: 1020
                            • Certifications: List
                            • Experience: Expert
                            • OS: Windows 10
                            Re: Annoying Google Redirect
                            « Reply #21 on: May 24, 2011, 01:08:51 PM »
                            Quote
                            It has been happening all along.
                            I don't believe this is a malware issue. You should create a new thread in the proper software forum concerning this.
                            Can you give me a screenprint of this?

                            How to post screenshots or images

                            Alvarezz

                              Topic Starter


                              Rookie

                              • Experience: Beginner
                              • OS: Windows XP
                              Re: Annoying Google Redirect
                              « Reply #22 on: May 24, 2011, 07:32:35 PM »
                              Thanks for the help so far SuperDave.

                              Notice that the Start menu, desktop items, and taskbar are all gone.
                              Task Manager is the only way for me to open applications/programs




                              SuperDave

                              • Malware Removal Specialist


                              • Genius
                              • Thanked: 1020
                              • Certifications: List
                              • Experience: Expert
                              • OS: Windows 10
                              Re: Annoying Google Redirect
                              « Reply #23 on: May 25, 2011, 06:29:20 PM »
                              I see. Let's try this.

                              • Please download Unhide by Grinler from here and save it to your desktop.
                              • Double click unhide.exe to run the tool.
                              • It will take some time to go through all your files, so please be patient.
                              • If this tool doesn't fix the problem, please let me know.

                              Alvarezz

                                Topic Starter


                                Rookie

                                • Experience: Beginner
                                • OS: Windows XP
                                Re: Annoying Google Redirect
                                « Reply #24 on: May 26, 2011, 12:08:29 AM »
                                nothing happens when I click on Run.
                                « Last Edit: May 26, 2011, 12:30:34 AM by Alvarezz »

                                SuperDave

                                • Malware Removal Specialist


                                • Genius
                                • Thanked: 1020
                                • Certifications: List
                                • Experience: Expert
                                • OS: Windows 10
                                Re: Annoying Google Redirect
                                « Reply #25 on: May 26, 2011, 01:37:53 PM »
                                Quote
                                nothing happens when I click on Run.
                                You're not supposed to click on Run. You're supposed to click on this: Double click unhide.exe to run the tool.

                                Alvarezz

                                  Topic Starter


                                  Rookie

                                  • Experience: Beginner
                                  • OS: Windows XP
                                  Re: Annoying Google Redirect
                                  « Reply #26 on: June 01, 2011, 09:45:23 PM »
                                  OK, it's been done, but there was no effect. I have been changing settings in msconfig, and the desktop will occasionally show up. However, it only shows up on the diagnostic setting. Maybe the problem is with the settings there.