Author Topic: Google redirects my webpage  (Read 10382 times)

Jinxie

  • Guest
Re: Google redirects my webpage
« Reply #30 on: November 18, 2007, 07:34:40 AM »
I just tried linking from Google again after deleting those files from Spybot.
It immediately redirected me twice before getting the right page.

evilfantasy

  • Malware Removal Specialist
  • Moderator
  • Genius
  • Calm like a bomb
  • Thanked: 489
  • Experience: Familiar
  • OS: Windows 10
Re: Google redirects my webpage
« Reply #31 on: November 18, 2007, 09:07:09 AM »
From post #10

We should run another scan to be sure it is gone. Zlob is a trojan and can be well hidden.

Please download Combofix by sUBs from either here or here

Save Combofix.exe to your Desktop.

1. Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter at the prompt)
2. When finished, it will produce a log for you.
3. Attach that log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause your computer to stall.

Broni


  • Mastermind
  • Kraków my love :)
  • Thanked: 614
  • Computer Help Forum
  • Computer: Specs
  • Experience: Experienced
  • OS: Windows 8
Re: Google redirects my webpage
« Reply #32 on: November 18, 2007, 11:54:04 AM »
Your "hosts" file is clean....

Next step:

Download and scan with SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
          o Close browsers before scanning.
          o Scan for tracking cookies.
          o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
          o Click Preferences, then click the Statistics/Logs tab.
          o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
          o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
          o Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.

Try Google again.

Jinxie

Re: Google redirects my webpage
« Reply #33 on: November 18, 2007, 12:40:30 PM »
ComboFix 07-11-08.3 - Derek Smith 2007-11-18 12:17:49.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.223 [GMT -6:00]
Running from: C:\Documents and Settings\Derek Smith\Desktop\ComboFix.exe
 * Created a new restore point
.

   Unable to gain System Privileges

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\kdtsp.exe

.
(((((((((((((((((((((((((   Files Created from 2007-10-18 to 2007-11-18  )))))))))))))))))))))))))))))))
.

2007-11-18 12:16   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-11-18 02:08   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
2007-11-17 22:15   <DIR>   d--------   C:\Program Files\a-squared Anti-Malware
2007-11-17 22:12   <DIR>   d--------   C:\Documents and Settings\Derek Smith\Application Data\Spyware Terminator
2007-11-17 22:12   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-11-17 22:11   <DIR>   d--------   C:\Program Files\Spyware Terminator
2007-11-17 21:29   <DIR>   d--------   C:\Documents and Settings\Derek Smith\Application Data\Comodo
2007-11-17 21:29   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Comodo
2007-11-17 21:22   <DIR>   d--------   C:\Program Files\Comodo
2007-11-17 21:20   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-17 21:20   <DIR>   d--------   C:\Documents and Settings\Derek Smith\Application Data\AVG7
2007-11-17 21:19   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-17 21:19   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\avg7
2007-11-16 20:57   <DIR>   d--------   C:\Program Files\Trend Micro
2007-11-16 19:58   <DIR>   d--------   C:\WINDOWS\system32\Adobe
2007-11-16 19:58   16,384   --a------   C:\WINDOWS\system32\FileOps.exe
2007-11-16 19:57   <DIR>   d--------   C:\Snap-on
2007-11-16 16:04   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-16 15:56   <DIR>   d--------   C:\Program Files\Lavasoft
2007-11-16 15:56   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-16 15:55   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 03:00   <DIR>   d--------   C:\Program Files\MSXML 4.0
2007-11-14 22:04   <DIR>   d--------   C:\Documents and Settings\Derek Smith\Application Data\HP
2007-11-14 22:04   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\HP
2007-11-14 22:01   <DIR>   d--------   C:\Program Files\Common Files\Sonic Shared
2007-11-14 22:01   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Sonic
2007-11-14 21:58   <DIR>   d--------   C:\WINDOWS\system32\URTTemp
2007-11-14 21:58   <DIR>   d--------   C:\Program Files\Common Files\HP
2007-11-14 21:56   <DIR>   d--------   C:\Program Files\Hewlett-Packard
2007-11-14 21:55   <DIR>   d--------   C:\Program Files\Common Files\Hewlett-Packard
2007-11-14 21:54   16,496   -ra------   C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-11-14 21:53   77,824   -ra------   C:\WINDOWS\system32\HPZIDS01.dll
2007-11-14 21:53   49,664   -ra------   C:\WINDOWS\system32\drivers\HPZid412.sys
2007-11-14 21:53   38,400   --a------   C:\WINDOWS\system32\hpz3l054.dll
2007-11-14 21:52   15,104   --a------   C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-14 21:52   15,104   --a--c---   C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-14 21:51   306,688   --a------   C:\WINDOWS\IsUninst.exe
2007-11-14 21:51   282,680   --a------   C:\WINDOWS\system32\HPZidr12.dll
2007-11-14 21:51   204,800   --a------   C:\WINDOWS\system32\HPZipr12.dll
2007-11-14 21:51   94,208   --a------   C:\WINDOWS\system32\HPZipt12.dll
2007-11-14 21:51   69,632   --a------   C:\WINDOWS\system32\HPZipm12.exe
2007-11-14 21:51   65,536   --a------   C:\WINDOWS\system32\HPZinw12.exe
2007-11-14 21:51   57,344   --a------   C:\WINDOWS\system32\HPZisn12.dll
2007-11-14 21:50   <DIR>   d--------   C:\Program Files\HP
2007-11-14 21:50   31,616   --a------   C:\WINDOWS\system32\drivers\usbccgp.sys
2007-11-14 21:50   31,616   --a--c---   C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-11-14 21:50   26,496   --a--c---   C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-14 21:50   25,856   --a------   C:\WINDOWS\system32\drivers\usbprint.sys
2007-11-14 21:50   25,856   --a--c---   C:\WINDOWS\system32\dllcache\usbprint.sys
2007-11-14 21:47   117,094   --a------   C:\WINDOWS\hpoins11.dat
2007-11-11 21:12   <DIR>   d--------   C:\WINDOWS\Downloaded Installations
2007-11-11 21:12   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2007-11-11 11:40   <DIR>   d--------   C:\WINDOWS\Sun
2007-11-11 11:40   <DIR>   d--------   C:\Program Files\Java
2007-11-11 11:39   <DIR>   d--------   C:\Program Files\Common Files\Java
2007-11-10 14:46   <DIR>   d--------   C:\Program Files\Winamp
2007-11-10 14:46   <DIR>   d--------   C:\Documents and Settings\Derek Smith\Application Data\Winamp
2007-11-10 14:40   <DIR>   d--------   C:\Program Files\Winamp Remote
2007-11-10 14:40   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-11-10 14:28   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$
2007-11-10 14:28   22,752   --a------   C:\WINDOWS\system32\spupdsvc.exe
2007-11-10 14:24   <DIR>   d--------   C:\Program Files\DivX
2007-11-10 14:22   <DIR>   d---s----   C:\Documents and Settings\Derek Smith\UserData
2007-11-10 14:11   17,920   --a------   C:\WINDOWS\system32\mdimon.dll
2007-11-10 14:10   <DIR>   d--------   C:\WINDOWS\SHELLNEW
2007-11-10 14:10   <DIR>   d--------   C:\Program Files\Microsoft.NET
2007-11-10 14:10   <DIR>   d--------   C:\Program Files\Microsoft ActiveSync
2007-11-10 14:06   145,408   -ra------   C:\WINDOWS\system32\drivers\e100b325.sys
2007-11-10 14:06   145,408   --a--c---   C:\WINDOWS\system32\dllcache\e100b325.sys
2007-11-10 14:06   118,784   -ra------   C:\WINDOWS\system32\Prounstl.exe
2007-11-10 14:06   102,400   -ra------   C:\WINDOWS\system32\drivers\ianswxp.sys
2007-11-10 14:06   24,064   -ra------   C:\WINDOWS\system32\IntelNic.dll
2007-11-10 14:06   12,288   -ra------   C:\WINDOWS\system32\e100bmsg.dll
2007-11-10 14:05   82,944   --a------   C:\WINDOWS\system32\drivers\wdmaud.sys
2007-11-10 14:05   82,944   --a--c---   C:\WINDOWS\system32\dllcache\wdmaud.sys
2007-11-10 14:05   6,400   --a------   C:\WINDOWS\system32\drivers\splitter.sys
2007-11-10 14:05   6,400   --a--c---   C:\WINDOWS\system32\dllcache\splitter.sys
2007-11-10 14:04   <DIR>   d--------   C:\Program Files\Analog Devices
2007-11-10 14:00   155,648   --a------   C:\WINDOWS\system32\igfxres.dll
2007-10-19 18:56   3,596,288   --a------   C:\WINDOWS\system32\qt-dx331.dll
2007-10-19 18:56   1,044,480   --a------   C:\WINDOWS\system32\libdivx.dll
2007-10-19 18:56   524,288   --a------   C:\WINDOWS\system32\DivXsm.exe
2007-10-19 18:56   200,704   --a------   C:\WINDOWS\system32\ssldivx.dll
2007-10-19 18:54   823,296   --a------   C:\WINDOWS\system32\divx_xx0c.dll
2007-10-19 18:54   823,296   --a------   C:\WINDOWS\system32\divx_xx07.dll
2007-10-19 18:54   802,816   --a------   C:\WINDOWS\system32\divx_xx11.dll
2007-10-19 18:54   739,840   --a------   C:\WINDOWS\system32\DivX.dll
2007-10-19 18:54   196,608   --a------   C:\WINDOWS\system32\dtu100.dll
2007-10-19 18:54   81,920   --a------   C:\WINDOWS\system32\dpl100.dll
2007-10-18 03:06   156,992   --a------   C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 03:03   593,920   --a------   C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 03:03   344,064   --a------   C:\WINDOWS\system32\dpus11.dll
2007-10-18 03:03   294,912   --a------   C:\WINDOWS\system32\dpu11.dll
2007-10-18 03:03   294,912   --a------   C:\WINDOWS\system32\dpu10.dll
2007-10-18 03:03   57,344   --a------   C:\WINDOWS\system32\dpv11.dll
2007-10-18 03:03   53,248   --a------   C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 03:02   12,288   --a------   C:\WINDOWS\system32\DivXWMPExtType.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 01:57   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-11-17 01:57   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2007-11-10 20:05   ---------   d-----w   C:\Program Files\Intel
2007-11-10 19:47   ---------   d-----w   C:\Program Files\microsoft frontpage
2007-10-20 00:56   43,528   ------w   C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-02-19 09:28   12,288   ----a-w   C:\WINDOWS\Fonts\RandFont.dll

Jinxie

Re: Google redirects my webpage
« Reply #34 on: November 18, 2007, 12:41:06 PM »
2nd part....file was too big...

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-12-14 10:20]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-12-14 10:07]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-09 23:28]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-10-22 18:47]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20]


.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-18 12:38:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-18 12:39:42 - machine was rebooted
.
   --- E O F ---

evilfantasy

Re: Google redirects my webpage
« Reply #35 on: November 18, 2007, 12:57:58 PM »
I see you had installed a-squared, did it find anything?

Is the problem still there?



Jinxie

Re: Google redirects my webpage
« Reply #36 on: November 18, 2007, 06:10:49 PM »
So far, so good. I think combofix may have done the trick.

Now that I have like 8 or more additional programs on my computer, which ones should I keep? Which ones should I delete? Which ones should I set up to do regular scans?

Thanks for the help!!

Broni


Re: Google redirects my webpage
« Reply #37 on: November 18, 2007, 06:18:12 PM »
Obviously your firewall, and your antivirus.
Keep "a-squared", and "Spyware Terminator", because they give you real time protection.
For occasional use have Spybot, and Ad-aware on hand. Once a month, should be plenty.

I'm glad, your puter is back to normal. :)

evilfantasy

Re: Google redirects my webpage
« Reply #38 on: November 18, 2007, 07:18:58 PM »
In addition to what Broni has suggested, you might want to look at WinPatrol 2007. WinPatrol 2007 is free. There is also a WinPatrol Plus but it is not free.
Quote
As a robust SECURITY MONITOR, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission.

=====

IMPORTANT STEP!

Go to Start > Run and copy and paste next command in the field:

ComboFix /u



Make sure there's a space between Combofix and /
Then hit Enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

=====

Last is a read from Tony Klein which has some great tips for tightening security: "So how did I get infected in the first place?"

Safe surfing.....

Jinxie

Re: Google redirects my webpage
« Reply #39 on: November 21, 2007, 08:10:51 PM »
Thanks again for the help! Everything is still working great!!

Broni


Re: Google redirects my webpage
« Reply #40 on: November 21, 2007, 08:23:15 PM »
We're happy for you 8) 8) 8)