Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93098 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Thanks in Advance

Started by free_spirit_etc , Jul 04 2010 05:14 PM

  • This topic is locked This topic is locked
18 replies to this topic

#1 free_spirit_etc

free_spirit_etc

    Authentic Member

  • Authentic Member
  • PipPip
  • 136 posts

Posted 04 July 2010 - 05:14 PM

I have had some trouble with my browser redirecting. My computer also is slower. And my Windows Update keeps telling me I need to update something that I have already installed multiple times. Here is my log: DDS (Ver_09-06-26.01) - NTFSx86 Run by Semproni at 18:04:24.40 on Sun 07/04/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.52 [GMT -5:00] AV: avast! antivirus 4.8.1368 [VPS 100704-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe C:\WINDOWS\System32\svchost.exe -k eapsvcs svchost.exe C:\WINDOWS\System32\svchost.exe -k dot3svc C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Semproni\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.yahoo.com uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwa1.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwa1.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: IE to Lightning Helper: {f1ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\lightning download\LD_Catch.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll TB: {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - No File TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwa1.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe" mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238528926738 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\semproni\applic~1\mozilla\firefox\profiles\on0wtzl9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - prefs.js: keyword.URL - hxxps://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.dns=1&q= FF - component: c:\documents and settings\semproni\application data\mozilla\firefox\profiles\on0wtzl9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\documents and settings\semproni\application data\mozilla\firefox\profiles\on0wtzl9.default\extensions\{771f3037-9885-4423-b50f-a5ede4854e26}\components\Engine.dll FF - component: c:\documents and settings\semproni\application data\mozilla\firefox\profiles\on0wtzl9.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll FF - component: c:\documents and settings\semproni\application data\mozilla\firefox\profiles\on0wtzl9.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: XULRunner: {82F0946B-789C-4C5E-ABE1-C6B437944A51} - c:\documents and settings\semproni\local settings\application data\{82F0946B-789C-4C5E-ABE1-C6B437944A51} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", "-1"); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); // now unused c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.delay", 50); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-14 64160] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-22 114768] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-22 20560] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-5-22 138680] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-6-27 10384] R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-5-22 254040] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-5-22 352920] R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);c:\windows\system32\drivers\es1370mp.sys [2008-2-26 37504] S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?] S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408] =============== Created Last 30 ================ ==================== Find3M ==================== 2010-05-16 20:53 411,368 a------- c:\windows\system32\deployJava1.dll 2010-05-06 05:41 916,480 a------- c:\windows\system32\wininet.dll 2010-05-02 00:22 1,851,264 a------- c:\windows\system32\win32k.sys 2010-04-20 00:30 285,696 a------- c:\windows\system32\atmfd.dll 2009-04-28 12:17 131,829 a------- c:\program files\E1704C.zip 2009-03-14 17:35 149,353,184 a------- c:\program files\OOo_3.0.1_Win32Intel_install_wJRE_en-US.exe 2008-12-17 11:51 7,518,240 a------- c:\program files\Firefox Setup 3.0.5.exe 2008-11-12 00:50 449,043 a------- c:\program files\RegSeeker.zip 2006-11-17 23:24 66,046 a------- c:\program files\Dupe_Free_0_NO_VISTA.ico 2003-09-16 01:19 99,544 a------- c:\windows\inf\virprn.exe 2003-09-16 01:19 18,950 a------- c:\windows\inf\virpntd.dll 2003-09-16 01:19 10,240 a------- c:\windows\inf\virport.dll 2003-09-16 01:19 90,624 a------- c:\windows\inf\prtproc.dll 2001-11-23 13:08 712,704 a------- c:\windows\inf\other\AUDIO3D.DLL 2009-06-14 01:37 245,760 a--sh--- c:\windows\system32\config\systemprofile\ietldcache\index.dat 2008-09-22 18:48 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092220080923\index.dat ============= FINISH: 18:05:47.43 ===============

Attached Files


Think Outside The Box

    Advertisements

Register to Remove

#2 RPMcMurphy

RPMcMurphy

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,326 posts

Posted 04 July 2010 - 06:08 PM

Hello free_spirit_etc and welcome to WhatTheTech. Please follow these guidelines:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please follow my instructions carefully and in the order they are posted.
  • Any underlined text in my posts indicates a clickable link.
  • You should print any instructions I give you for ease of use and reference.
  • If you have any questions at all, please stop and ask before proceeding.
Posted Image Download GMER Rootkit Scanner from here to your desktop.
  • Double click the exe file. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


    Posted Image
    Click the image to enlarge it


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

If you have trouble running GEMR:
  • Make sure that your security software is disabled
  • Uncheck the box next to "Files" this time also
  • If you still can't run it, try in the Safe Mode
Please include the following in your next post:
  • GMER log

If you are being helped and you haven't replied within 5 days your topic will be closed as inactive.

ASAP & UNITE Member - Proud Graduate of the WTT Classroom

The help you receive here is free. If you wish to show your appreciation, then you may [url="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=RPMcMurphy%40whatthetech%2ecom&lc=US&item_name=RPMcMurphy¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted""]Posted Image[/url]

#3 free_spirit_etc

free_spirit_etc

    Authentic Member

  • Authentic Member
  • PipPip
  • 136 posts

Posted 04 July 2010 - 08:24 PM

That was fast! Attached is the gmer log

Attached Files

  • Attached File  Gmer.txt   3.61KB   369 downloads

Think Outside The Box

#4 RPMcMurphy

RPMcMurphy

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,326 posts

Posted 04 July 2010 - 09:59 PM

Are you being redirected in IE, Firefox or both?
If you are being helped and you haven't replied within 5 days your topic will be closed as inactive.

ASAP & UNITE Member - Proud Graduate of the WTT Classroom

The help you receive here is free. If you wish to show your appreciation, then you may [url="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=RPMcMurphy%40whatthetech%2ecom&lc=US&item_name=RPMcMurphy¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted""]Posted Image[/url]

#5 free_spirit_etc

free_spirit_etc

    Authentic Member

  • Authentic Member
  • PipPip
  • 136 posts

Posted 05 July 2010 - 01:38 AM

Are you being redirected in IE, Firefox or both?


I am not sure about IE. I rarely use it. I use Firefox most of the time - and am being redirected on it.
I am redirected on the search results. I click on the link of the search results and am sent to another page. It only redirects me once. If I click back and click on the link again, it takes me to the page I wanted.

ETA: I have been trying IE today and have, thus far, not been redirected on that. But it is hard to tell because I don't get redirected all the time on Firefox, only on occasion.

Thanks!

Edited by free_spirit_etc, 05 July 2010 - 12:36 PM.

Think Outside The Box

#6 RPMcMurphy

RPMcMurphy

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,326 posts

Posted 05 July 2010 - 03:28 PM

free_spirit_etc,

Posted Image Download TDSSKiller and save it to your Desktop.
  • Extract the file and run it.
  • Once completed it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date)
  • Please post the content of that log TDSSKiller
Posted Image Please download GooredFixfrom one of the locations below and save it to your desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
Please include the following in your next post:
  • TDSSKiller log
  • GooredFix log

If you are being helped and you haven't replied within 5 days your topic will be closed as inactive.

ASAP & UNITE Member - Proud Graduate of the WTT Classroom

The help you receive here is free. If you wish to show your appreciation, then you may [url="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=RPMcMurphy%40whatthetech%2ecom&lc=US&item_name=RPMcMurphy¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted""]Posted Image[/url]

#7 free_spirit_etc

free_spirit_etc

    Authentic Member

  • Authentic Member
  • PipPip
  • 136 posts

Posted 05 July 2010 - 11:01 PM

23:39:10:000 1844 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49 23:39:10:000 1844 ================================================================================ 23:39:10:000 1844 SystemInfo: 23:39:10:000 1844 OS Version: 5.1.2600 ServicePack: 3.0 23:39:10:000 1844 Product type: Workstation 23:39:10:000 1844 ComputerName: SEPRONI-D392BF7 23:39:10:000 1844 UserName: Semproni 23:39:10:000 1844 Windows directory: C:\WINDOWS 23:39:10:000 1844 System windows directory: C:\WINDOWS 23:39:10:000 1844 Processor architecture: Intel x86 23:39:10:000 1844 Number of processors: 1 23:39:10:000 1844 Page size: 0x1000 23:39:10:000 1844 Boot type: Normal boot 23:39:10:000 1844 ================================================================================ 23:39:10:984 1844 Initialize success 23:39:10:984 1844 23:39:10:984 1844 Scanning Services ... 23:39:11:531 1844 Raw services enum returned 348 services 23:39:11:546 1844 23:39:11:546 1844 Scanning Drivers ... 23:39:13:187 1844 Aavmker4 (2ccfa74242741ca22a4267cce9b586f4) C:\WINDOWS\system32\drivers\Aavmker4.sys 23:39:13:250 1844 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 23:39:13:281 1844 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 23:39:13:359 1844 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 23:39:13:390 1844 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys 23:39:13:437 1844 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 23:39:13:531 1844 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys 23:39:13:593 1844 aswFsBlk (b4079a98f294a3e262872cb76f4849f0) C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys 23:39:13:609 1844 aswMon2 (dbee7b5ecb50fc2cf9323f52cbf41141) C:\WINDOWS\system32\drivers\aswMon2.sys 23:39:13:640 1844 aswRdr (8080d683489c99cbace813f6fa4069cc) C:\WINDOWS\system32\drivers\aswRdr.sys 23:39:13:671 1844 aswSP (2e5a2ad5004b55df39b7606130a88142) C:\WINDOWS\system32\drivers\aswSP.sys 23:39:13:703 1844 aswTdi (d4c83a37efadfa2c398362e0776e3773) C:\WINDOWS\system32\drivers\aswTdi.sys 23:39:13:734 1844 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 23:39:13:781 1844 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 23:39:13:828 1844 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 23:39:13:859 1844 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 23:39:13:890 1844 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys 23:39:13:921 1844 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 23:39:14:015 1844 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 23:39:14:062 1844 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 23:39:14:093 1844 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 23:39:14:109 1844 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 23:39:14:203 1844 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 23:39:14:265 1844 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 23:39:14:312 1844 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 23:39:14:375 1844 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 23:39:14:406 1844 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 23:39:14:437 1844 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 23:39:14:468 1844 ES1370 (593eeffe042712b22f9e54e640f87ce6) C:\WINDOWS\system32\drivers\ES1370MP.sys 23:39:14:515 1844 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 23:39:14:546 1844 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 23:39:14:562 1844 FET5X86V (e1a2c1ea4d95fb7518b96ccf80538532) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys 23:39:14:593 1844 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys 23:39:14:625 1844 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 23:39:14:640 1844 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 23:39:14:687 1844 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 23:39:14:703 1844 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 23:39:14:734 1844 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 23:39:14:765 1844 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys 23:39:14:796 1844 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 23:39:14:828 1844 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 23:39:14:875 1844 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 23:39:14:890 1844 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 23:39:14:921 1844 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 23:39:14:953 1844 HSFHWBS2 (e53970b0d5614f0b1220e35052828cc3) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 23:39:15:031 1844 HSF_DP (7129d0662665b2442898a0ef8fc85bb5) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 23:39:15:125 1844 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 23:39:15:203 1844 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 23:39:15:234 1844 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 23:39:15:296 1844 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 23:39:15:328 1844 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 23:39:15:375 1844 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 23:39:15:437 1844 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 23:39:15:546 1844 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 23:39:15:656 1844 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 23:39:15:703 1844 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 23:39:15:750 1844 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 23:39:15:781 1844 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys 23:39:15:812 1844 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 23:39:15:859 1844 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 23:39:15:890 1844 L8042Kbd (d8d3f1c1e82117a3776a2d320a7b3694) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys 23:39:15:921 1844 L8042mou (5262222fb4a7b57b48115016ccfd1f4c) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys 23:39:15:953 1844 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys 23:39:16:015 1844 LBeepKE (e254e5b2c5227ddbb47d045940a0a559) C:\WINDOWS\system32\Drivers\LBeepKE.sys 23:39:16:062 1844 LHidFilt (8b30311241f97b35167afe68d79e8530) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 23:39:16:093 1844 LMouFilt (48d7422a6c4eec886b56ac534cfa3acf) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 23:39:16:125 1844 LMouKE (96062ec1f26f08ebe056c026667744dd) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys 23:39:16:140 1844 LUsbFilt (0b808ff2f17c8396fb2ae202f75aed37) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys 23:39:16:171 1844 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 23:39:16:203 1844 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 23:39:16:234 1844 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 23:39:16:265 1844 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 23:39:16:312 1844 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 23:39:16:343 1844 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 23:39:16:375 1844 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 23:39:16:421 1844 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 23:39:16:453 1844 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 23:39:16:484 1844 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 23:39:16:515 1844 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 23:39:16:546 1844 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 23:39:16:578 1844 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 23:39:16:609 1844 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 23:39:16:640 1844 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 23:39:16:687 1844 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys 23:39:16:734 1844 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 23:39:16:765 1844 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 23:39:16:796 1844 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 23:39:16:812 1844 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 23:39:16:828 1844 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 23:39:16:859 1844 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 23:39:16:890 1844 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 23:39:16:937 1844 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 23:39:17:000 1844 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 23:39:17:078 1844 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 23:39:17:203 1844 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 23:39:17:250 1844 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 23:39:17:281 1844 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 23:39:17:296 1844 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 23:39:17:328 1844 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 23:39:17:343 1844 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 23:39:17:390 1844 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 23:39:17:484 1844 Point32 (e4910ce9d882bf825979fcf4636a9bd8) C:\WINDOWS\system32\DRIVERS\point32.sys 23:39:17:515 1844 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 23:39:17:546 1844 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 23:39:17:578 1844 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 23:39:17:640 1844 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 23:39:17:671 1844 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 23:39:17:703 1844 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 23:39:17:734 1844 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 23:39:17:750 1844 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 23:39:17:781 1844 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 23:39:17:796 1844 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 23:39:17:828 1844 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 23:39:17:875 1844 RT73 (4f153709d0691c6de8c9a4c5e813907c) C:\WINDOWS\system32\DRIVERS\rt73.sys 23:39:17:968 1844 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 23:39:17:984 1844 SASENUM (a22f08c98ac2f44587bf3a1fb52bf8cd) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS 23:39:18:015 1844 SASKUTIL (c7d81c10d3befeee41f3408714637438) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 23:39:18:062 1844 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 23:39:18:078 1844 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 23:39:18:109 1844 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 23:39:18:140 1844 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 23:39:18:187 1844 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 23:39:18:203 1844 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 23:39:18:250 1844 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys 23:39:18:281 1844 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 23:39:18:296 1844 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 23:39:18:390 1844 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 23:39:18:437 1844 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 23:39:18:484 1844 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 23:39:18:515 1844 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 23:39:18:546 1844 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 23:39:18:578 1844 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys 23:39:18:609 1844 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 23:39:18:656 1844 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 23:39:18:703 1844 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 23:39:18:734 1844 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 23:39:18:765 1844 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 23:39:18:796 1844 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 23:39:18:843 1844 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 23:39:18:875 1844 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 23:39:18:906 1844 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 23:39:18:937 1844 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 23:39:18:968 1844 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 23:39:19:015 1844 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 23:39:19:031 1844 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 23:39:19:062 1844 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 23:39:19:125 1844 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 23:39:19:250 1844 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 23:39:19:343 1844 winachsf (292b0bba146793a7937d9849bddb4298) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 23:39:19:390 1844 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 23:39:19:421 1844 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 23:39:19:468 1844 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 23:39:19:468 1844 23:39:19:484 1844 Completed 23:39:19:484 1844 23:39:19:484 1844 Results: 23:39:19:484 1844 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 23:39:19:484 1844 File objects infected / cured / cured on reboot: 0 / 0 / 0 23:39:19:484 1844 23:39:19:484 1844 KLMD(ARK) unloaded successfully GooredFix by jpshortstuff (03.07.10.1) Log created at 23:57 on 05/07/2010 (Semproni) Firefox version 3.6.2 (en-US) ========== GooredScan ========== Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{82F0946B-789C-4C5E-ABE1-C6B437944A51} -> Success! Deleting C:\Documents and Settings\Semproni\Local Settings\Application Data\{82F0946B-789C-4C5E-ABE1-C6B437944A51} -> Success! ========== GooredLog ========== C:\Program Files\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} [22:14 20/03/2010] {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [02:39 15/06/2009] {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [06:26 27/09/2009] {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [01:53 17/05/2010] C:\Documents and Settings\Semproni\Application Data\Mozilla\Firefox\Profiles\on0wtzl9.default\extensions\ FFToolbar@upromise [02:46 16/03/2010] {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} [06:41 01/05/2010] {20a82645-c095-46ed-80e3-08825760534b} [06:17 27/04/2010] {3112ca9c-de6d-4884-a869-9855de68056c} [15:56 02/07/2010] {635abd67-4fe9-1b23-4f01-e679fa7484c1} [05:39 21/01/2010] {771f3037-9885-4423-b50f-a5ede4854e26} [08:52 10/06/2010] {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} [05:48 06/03/2010] [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [10:11 08/08/2009] "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [01:53 17/05/2010] -=E.O.F=-
Think Outside The Box

#8 RPMcMurphy

RPMcMurphy

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,326 posts

Posted 05 July 2010 - 11:09 PM

free_spirit_etc,

I suspect that took care of the redirects. Please run these for me now:

Posted Image You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Posted Image Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
Please include the following in your next post:
  • MBAM log
  • Kaspersky log

If you are being helped and you haven't replied within 5 days your topic will be closed as inactive.

ASAP & UNITE Member - Proud Graduate of the WTT Classroom

The help you receive here is free. If you wish to show your appreciation, then you may [url="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=RPMcMurphy%40whatthetech%2ecom&lc=US&item_name=RPMcMurphy¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted""]Posted Image[/url]

#9 free_spirit_etc

free_spirit_etc

    Authentic Member

  • Authentic Member
  • PipPip
  • 136 posts

Posted 06 July 2010 - 12:03 PM

Thank you. The Kaspersky scan took several hours and then my son turned the computer off before I got the report. So I followed the same instructions and re-scanned. I hope that was okay. Attached are the reports: (I have also turned my anti-virus and firewall back on since I am no longer scanning. I hope that is okay too.) Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4281 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 7/6/2010 1:02:30 AM mbam-log-2010-07-06 (01-02-30).txt Scan type: Quick scan Objects scanned: 134625 Time elapsed: 17 minute(s), 49 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Tuesday, July 6, 2010 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Tuesday, July 06, 2010 05:12:04 Records in database: 4244456 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ Scan statistics: Objects scanned: 90108 Threats found: 0 Infected objects found: 0 Suspicious objects found: 0 Scan duration: 03:33:58 No threats found. Scanned area is clean. Selected area has been scanned.
Think Outside The Box

#10 RPMcMurphy

RPMcMurphy

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,326 posts

Posted 06 July 2010 - 03:15 PM

free_spirit_etc,

Those all look good. How is your computer running now? Please do this next:

Posted Image Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A7EA8AD2-287F-11D3-B120-006008C39542}]
[-HKEY_CLASSES_ROOT\CLSID\{A7EA8AD2-287F-11D3-B120-006008C39542}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"89A2510A-B4B6-4683-BEC9-1B96700BC7F1"=-
[-HKEY_CLASSES_ROOT\CLSID\{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"D4027C7F-154A-4066-A1AD-4243D8127440"=-
[-HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}]
:Commands
[ClearAllRestorePoints]
[EmptyFlash]
[EmptyTemp]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please include the following in your next post:
  • OTM log
  • How is your computer running?

If you are being helped and you haven't replied within 5 days your topic will be closed as inactive.

ASAP & UNITE Member - Proud Graduate of the WTT Classroom

The help you receive here is free. If you wish to show your appreciation, then you may [url="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=RPMcMurphy%40whatthetech%2ecom&lc=US&item_name=RPMcMurphy¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted""]Posted Image[/url]

    Advertisements

Register to Remove

#11 free_spirit_etc

free_spirit_etc

    Authentic Member

  • Authentic Member
  • PipPip
  • 136 posts

Posted 06 July 2010 - 09:50 PM

My computer is doing MUCH better! It isn't getting re-directed now. The Windows Update still tells me I have updates to install. But I had turned the Automatic Updates off when I found out it was just installing the same one over and over. Here is the log: All processes killed ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A7EA8AD2-287F-11D3-B120-006008C39542}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EA8AD2-287F-11D3-B120-006008C39542}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{A7EA8AD2-287F-11D3-B120-006008C39542}\ deleted successfully. Registry key HKEY_CLASSES_ROOT\CLSID\{A7EA8AD2-287F-11D3-B120-006008C39542}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7EA8AD2-287F-11D3-B120-006008C39542}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\89A2510A-B4B6-4683-BEC9-1B96700BC7F1 not found. Registry key HKEY_CLASSES_ROOT\CLSID\{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\D4027C7F-154A-4066-A1AD-4243D8127440 not found. Registry key HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. ========== COMMANDS ========== Restore points cleared and new OTM Restore Point set! [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 49286 bytes User: Semproni ->Temp folder emptied: 115713787 bytes ->Temporary Internet Files folder emptied: 44819104 bytes ->Java cache emptied: 128094 bytes ->FireFox cache emptied: 48168390 bytes ->Apple Safari cache emptied: 42877421 bytes ->Flash cache emptied: 6611 bytes %systemdrive% .tmp files removed: 14699322 bytes %systemroot% .tmp files removed: 2162283 bytes %systemroot%\System32 .tmp files removed: 413561 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 180224 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 572320424 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 1407411 bytes Total Files Cleaned = 804.00 mb OTM by OldTimer - Version 3.1.12.2 log created on 07062010_223941 Files moved on Reboot... File C:\Ntf120.tmp not found! File C:\Ntf121.tmp not found! File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found! File C:\WINDOWS\temp\usgthrsvc\Perflib_Perfdata_6c4.dat not found! C:\WINDOWS\temp\Perflib_Perfdata_150.dat moved successfully. Registry entries deleted on Reboot...
Think Outside The Box

#12 RPMcMurphy

RPMcMurphy

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,326 posts

Posted 06 July 2010 - 10:02 PM

free_spirit_etc,

I'd recommend that you re-enable automatic updates. Past that, all we have left to do is an update and some important cleanup:

Posted Image Your Adobe reader needs to be updated. Please visit Adobe's site and grab the newest version.

Go HERE to scan for any other out of date and/or vulnerable applications on your computer and follow the instructions given for updating them.

Posted Image Cleanup with OTM
  • Double-click OTM.exe to start the program.
  • Close all other programs apart from OTM as this step will require a reboot
  • On the OTM main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
  • Manually delete any remaining tools or logs from our work
Posted Image Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application current and updated. Also, hang on to MBAM. Scan with them at least weekly.
  • Consider running in a limited user account. See this post for more information.
  • Please carefully review the information in our Security - Best Practices and Prevention forum located HERE
Please post once more so I know you are all set and I can close this thread. Good luck and stay safe!
If you are being helped and you haven't replied within 5 days your topic will be closed as inactive.

ASAP & UNITE Member - Proud Graduate of the WTT Classroom

The help you receive here is free. If you wish to show your appreciation, then you may [url="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=RPMcMurphy%40whatthetech%2ecom&lc=US&item_name=RPMcMurphy¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted""]Posted Image[/url]

#13 free_spirit_etc

free_spirit_etc

    Authentic Member

  • Authentic Member
  • PipPip
  • 136 posts

Posted 07 July 2010 - 10:57 PM

Hi. Thanks! I did all that stuff. The browser is no longer redirecting. But the Windows Update is still showing that there are updates that need to be installed even though they were installed again today. On the OSI site it says I need to update Java, though I already updated it. Thanks!
Think Outside The Box

#14 RPMcMurphy

RPMcMurphy

    MalwareTeam Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,326 posts

Posted 08 July 2010 - 09:15 AM

free_spirit_etc,

This will clean out any old Java junk still hanging around in your system:

Posted Image JavaRa ...by: Paul McLain and Fred de Vries

Please download JavaRa (Copyright © 2008 RaProducts.org) and unzip it to your desktop.
***Please close any instances of Internet Explorer before continuing!***
Print these instructions...you won't have Internet access during this particular phase!
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
Posted Image Can you give me some more details about your Windows Update problem(s)? Is it just one update (if so, which one) or all of them giving you trouble?
If you are being helped and you haven't replied within 5 days your topic will be closed as inactive.

ASAP & UNITE Member - Proud Graduate of the WTT Classroom

The help you receive here is free. If you wish to show your appreciation, then you may [url="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=RPMcMurphy%40whatthetech%2ecom&lc=US&item_name=RPMcMurphy¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted""]Posted Image[/url]

#15 free_spirit_etc

free_spirit_etc

    Authentic Member

  • Authentic Member
  • PipPip
  • 136 posts

Posted 08 July 2010 - 11:19 PM

Thanks! The Java remover seemed to be working fine and was removing files and then encountered an error and closed. I have tried to use it several times but it keeps closing due to an error as soon as it starts.

The Windows Updates are:
Windows XP Microsoft .NET Framework 2.0 Service Pack 2 Security Update for Windows 2000, Windows Server 2003, and Windows XP (KB974417) Thursday, July 08, 2010 Automatic Updates
Windows XP Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Update for Windows Server 2003 and Windows XP x86 (KB982524) Thursday, July 08, 2010 Automatic Updates
Windows XP Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168) Thursday, July 08, 2010 Automatic Updates
Windows XP Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909) Thursday, July 08, 2010 Automatic Updates

They are showing as successfully installed. They have automatically installed multiple times and I have manually installed them several times. But I still keep getting the message that updates are ready to install. And when I go to the update center they show as still needing to be installed. They began installing on June 10.

I started following the instructions at http://support.microsoft.com/kb/910339. I tried the Malicious Software Removal Tool and spyware fighting tools so far.

Thanks!
Think Outside The Box

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·