
Topic: Windowsupdate redirects to google


Cheydurie

    Topic Starter


    Rookie

    Re: Windowsupdate redirects to google
    « Reply #15 on: April 02, 2009, 03:36:28 PM »
    ComboFix ran the script; here is the new log.

    ComboFix 09-04-01.01 - Gene 2009-04-02 14:28:53.2 - NTFSx86
    Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1023.674 [GMT -7:00]
    Running from: c:\documents and settings\Gene\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Gene\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090402-1] *On-access scanning disabled* (Updated)
     * Created a new restore point
    .

    (((((((((((((((((((((((((   Files Created from 2009-03-02 to 2009-04-02  )))))))))))))))))))))))))))))))
    .

    2009-04-02 13:12 . 2009-04-02 13:12   <DIR>   d--------   C:\_OTMoveIt
    2009-04-02 12:47 . 2009-04-02 12:47   <DIR>   d--------   c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-04-01 20:03 . 2009-04-01 20:03   <DIR>   d--------   c:\program files\Alwil Software
    2009-04-01 14:27 . 2009-04-01 14:27   <DIR>   d--------   c:\program files\Trend Micro
    2009-04-01 13:32 . 2009-04-01 14:03   <DIR>   d--------   c:\windows\system32\CatRoot_bak
    2009-04-01 10:47 . 2009-04-01 10:47   <DIR>   d--------   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-04-01 10:46 . 2009-04-01 10:46   <DIR>   d--------   c:\program files\SUPERAntiSpyware
    2009-04-01 10:46 . 2009-04-01 10:46   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
    2009-04-01 10:46 . 2009-04-01 10:46   <DIR>   d--------   c:\documents and settings\Gene\Application Data\SUPERAntiSpyware.com
    2009-04-01 10:12 . 2009-04-01 10:12   <DIR>   d--------   c:\program files\CCleaner
    2009-04-01 09:44 . 2009-04-01 09:44   54,156   --ah-----   c:\windows\QTFont.qfn
    2009-04-01 09:44 . 2009-04-01 09:44   1,409   --a------   c:\windows\QTFont.for
    2009-03-31 22:35 . 2009-03-31 22:35   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
    2009-03-31 22:35 . 2009-03-31 22:35   <DIR>   d--------   c:\documents and settings\Gene\Application Data\Malwarebytes
    2009-03-31 22:35 . 2009-03-31 22:35   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-31 22:35 . 2009-03-26 16:49   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-31 22:35 . 2009-03-26 16:49   15,504   --a------   c:\windows\system32\drivers\mbam.sys
    2009-03-30 16:01 . 2006-02-28 05:00   811,064   --a------   c:\windows\system32\imjp81k.dll

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-02 21:32   ---------   d-----w   c:\program files\DNA
    2009-04-02 21:32   ---------   d-----w   c:\documents and settings\Gene\Application Data\DNA
    2009-04-02 03:00   ---------   d-----w   c:\documents and settings\All Users\Application Data\Google Updater
    2009-04-01 21:21   ---------   d-----w   c:\program files\Java
    2009-04-01 16:48   ---------   d-----w   c:\program files\Starry Night Orion Special Edition
    2009-03-31 19:50   ---------   d-----w   c:\documents and settings\Gene\Application Data\Hoyle Card Games
    2009-03-31 04:11   ---------   d-----w   c:\program files\World of Warcraft
    2009-03-28 00:50   ---------   d-----w   c:\program files\CompuPic
    2009-03-23 23:41   ---------   d-----w   c:\documents and settings\Gene\Application Data\TaxCut
    2009-03-23 23:41   ---------   d-----w   c:\documents and settings\All Users\Application Data\pdf995
    2009-03-22 19:47   ---------   d-----w   c:\documents and settings\All Users\Application Data\TaxCut
    2009-03-21 22:15   ---------   d-----w   c:\program files\Cool2000
    2009-03-09 00:34   ---------   d-----w   c:\program files\Savings Bond Wizard
    2009-03-03 20:10   ---------   d-----w   c:\documents and settings\Gene\Application Data\OpenOffice.org2
    2009-02-25 00:52   ---------   d-----w   c:\documents and settings\Gene\Application Data\Hoyle Blackjack
    2009-02-07 18:46   ---------   d-----w   c:\program files\Google
    2009-02-02 20:21   ---------   d-----w   c:\documents and settings\Gene\Application Data\BitTorrent
    2008-10-13 02:40   24   ----a-w   c:\documents and settings\Gene\jagex_runescape_preferences.dat
    2008-08-12 23:35   7,670,000   ----a-w   c:\documents and settings\Gene\QuickCareSetup2.exe
    .

    (((((((((((((((((((((((((((((   SnapShot@2009-04-02_14.00.18.26   )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-04-02 21:31:48   16,384   ----atw   c:\windows\Temp\Perflib_Perfdata_130.dat
    + 2009-04-02 21:31:38   16,384   ----atw   c:\windows\Temp\Perflib_Perfdata_5ec.dat
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-15 342848]
    "SansaDispatch"="c:\documents and settings\Gene\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-01-22 79872]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-05-30 98304]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
    TV883LP Remote Control.lnk - c:\program files\V-Stream Multimedia\TV883LP Utilities\C8XRCtl.exe [2006-07-09 57344]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute   REG_MULTI_SZ      autocheck autochk *\0sprestrt\0sprestrt

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "quickcare2.2"=c:\program files\Qwest\QuickCare\bin\sprtcmd.exe /P QuickCare2.2

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-04-01 114768]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-04-01 20560]
    R2 CX88XBAR;V-Stream TV88X Crossbar;c:\windows\system32\drivers\cx88xbar.sys [2006-07-09 9472]
    S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
    S2 SessionLauncher;SessionLauncher;c:\docume~1\Gene\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Gene\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9d5faa8-bcbe-11dd-b95d-00301b3e2316}]
    \Shell\AutoRun\command - I:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-02 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 08:14]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    .

    **************************************************************************

    disk not found C:\

    please note that you need administrator rights to perform deep scan
    scanning hidden processes ... 

    scanning hidden autostart entries ...

    scanning hidden files ... 

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1644491937-1060284298-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:ee,55,b7,97,4d,51,fb,d7,89,28,0f,f5,c0,23,b4,43,19,db,c4,9a,3f,a8,a1,
       69,fa,33,0c,6d,b6,cb,5e,37,12,46,0f,2f,a3,4d,d2,04,a9,74,dc,d8,f8,5b,a9,a7,\
    "??"=hex:2b,1a,85,4d,cf,ed,18,b4,75,a3,39,c7,1a,5b,5d,b6
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(724)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\system32\bgsvcgen.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-04-02 14:34:20 - machine was rebooted
    ComboFix-quarantined-files.txt  2009-04-02 21:34:18
    ComboFix2.txt  2009-04-02 21:01:03

    Pre-Run: 21,404,217,344 bytes free
    Post-Run: 21,387,829,248 bytes free

    147   --- E O F ---   2007-12-12 16:20:50

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: Windowsupdate redirects to google
    « Reply #16 on: April 02, 2009, 03:39:38 PM »
    • Click START then RUN
    • Now type Combofix /u in the runbox
    • Make sure there's a space between Combofix and /u
    • Then hit Enter.
    .
    .
    The above procedure will:
    • Delete: ComboFix and its associated files and folders.
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Set a new, clean Restore Point.
    .
    ----------

    1. Double click OTMoveIt3.exe to launch it.
    Vista users right click and choose Run As Administrator
    2. Click on the CleanUp! button.
    3. OTMoveIt2 will download a list from the Internet. If your firewall or other defensive programs alert you, allow it access.
    4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
    5. Once complete, exit out of OTMoveIt3.

    ----------

    Run CCleaner.

    How is the computer running now?

    Cheydurie

      Re: Windowsupdate redirects to google
      « Reply #17 on: April 02, 2009, 04:09:03 PM »
      Finished clean up. Computer can access Windows Update again and seems to be running good.
      Thx for the help. Is there anything else we need to do?

      Also, is avast mainly AV software, or is it malware and/or spyware software?
      As I think Malwarebytes and SAS are for running manually, if avast is not for spyware, is there a program you recommend that can run in the background in real time, one that is compatible with avast?

      evilfantasy

      Re: Windowsupdate redirects to google
      « Reply #18 on: April 02, 2009, 04:18:10 PM »
      I use avast and it is very good.

      Here are a few more suggestions and software to help keep you safe.

      Use the Secunia Software Inspector to check for out of date software.
      • Click Start Now
      • Check the box next to Enable thorough system inspection.
      • Click Start
      • Allow the scan to finish and scroll down to see if any updates are needed.
      • Update anything listed.
      .
      ----------

      Go to Microsoft Windows Update and get all critical updates.

      ----------

      I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

      SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
      * Using SpywareBlaster to protect your computer from Spyware and Malware
      * If you don't know what ActiveX controls are, see here

      Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

      Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

      Cheydurie

        Re: Windowsupdate redirects to google
        « Reply #19 on: April 02, 2009, 04:33:39 PM »
        OK, I'll check these out.
        I'm going to do Windows Update first, get SP3, etc.
        Thx again for the help. Is there anything I can do to thank you for the help, or is there anything else we need to do?

        evilfantasy

        Re: Windowsupdate redirects to google
        « Reply #20 on: April 02, 2009, 04:35:15 PM »
        I think we are done now.

        Let me know if anything else comes up...

        Cheydurie

          Re: Windowsupdate redirects to google
          « Reply #21 on: April 02, 2009, 04:37:19 PM »
          Thank you very much evil, you and CHF rock.

          evilfantasy

          Re: Windowsupdate redirects to google
          « Reply #22 on: April 02, 2009, 04:40:00 PM »
          You're welcome.

          Safe surfing...