
Inactive [InActive] Search Engine Redirect probs

Discussion in 'Malware and Virus Removal Archive' started by Lisa, 2009/02/26.

Thread Status:
Not open for further replies.
  1. 2009/02/26
    Lisa

    Lisa Inactive Thread Starter

    Joined:
    2009/02/26
    Messages:
    6
    Likes Received:
    0
    Have search engine redirect issue -- Please help me fix it! I have HijackThis log. Should I send it to you?
     
    Lisa,
    #1
  2. 2009/02/26
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     


  4. 2009/02/26
    Lisa

    Lisa Inactive Thread Starter

    Joined:
    2009/02/26
    Messages:
    6
    Likes Received:
    0
    Thank you for replying. I've tried using dds.scr before posting and it doesn't work. That's why I asked if I could send the log from HijackThis. What shall I do?
     
    Lisa,
    #3
  5. 2009/02/26
    Lisa

    Lisa Inactive Thread Starter

    Joined:
    2009/02/26
    Messages:
    6
    Likes Received:
    0
    Finally found DDS file that worked! Here's my stuff...

    Finally found DDS file that worked! Here is log info...

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Owner at 18:34:42.45 on Thu 02/26/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.91 [GMT -7:00]

    AV: Norton Internet Security *On-access scanning enabled* (Updated)
    FW: Norton Internet Security *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\DDS\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://search.netscape.com/search/webhome
    uInternet Settings,ProxyServer = http=localhost:1053
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hewlett-packard\digital imaging\bin\HPDTLK02.dll
    TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {60793A9B-AB32-4874-82A3-7CA1B933C688} - No File
    TB: Morpheus Toolbar: {119dbeda-9c41-4f97-94b4-b6bcd01133cf} -
    EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
    EB: {2D51D869-C36B-42BD-AE68-0A81BC771FA5} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /S
    mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
    mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
    mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm
    IE: AdSubtract: Bypass Site - \AdSub.exe/360
    IE: AdSubtract: Cloak Image - \AdSub.exe/361
    IE: AdSubtract: Report Site - \AdSub.exe/359
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
    Trusted Zone: fedex.com\www
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CBFF31B5-91C0-4361-98BD-4C56D0F9CDAC} - hxxp://www.betterphoto.com/_shared/uploadImageDragDrop46/DragAndDropUploader2.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab
    DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} - hxxp://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    ============= SERVICES / DRIVERS ===============

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-24 149352]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-26 101936]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090226.034\NAVENG.SYS [2009-2-26 89104]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090226.034\NAVEX15.SYS [2009-2-26 876144]
    R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2007-9-27 1251720]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
    S3 MMIndexer;Media Manager Indexer;c:\program files\common files\microsoft shared\media manager\AIRSVCU.EXE [1997-8-4 136704]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
    S3 Sc04pcinadmm;Sc04pcinadmm; [x]

    ============== File Associations ===============

    scrfile= "%1" %*

    =============== Created Last 30 ================

    2009-02-26 14:48 <DIR> --d----- C:\DDS
    2009-02-26 14:20 <DIR> --d----- C:\Hijack
    2009-02-19 17:09 <DIR> --d----- c:\docume~1\owner\applic~1\dBpoweramp
    2009-02-10 16:58 <DIR> --d----- c:\program files\Photo Viewer
    2009-02-09 20:55 <DIR> --d----- c:\docume~1\owner\applic~1\AccurateRip
    2009-02-09 20:55 33,846 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
    2009-02-09 20:55 13,785 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    2009-02-04 11:49 <DIR> --d----- c:\program files\iTunes
    2009-02-04 11:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-02-02 20:40 <DIR> --d----- c:\docume~1\owner\applic~1\Songbird2
    2009-02-02 20:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SongbirdVLC
    2009-02-01 16:03 <DIR> --d----- c:\program files\Amazon

    ==================== Find3M ====================

    2009-02-09 20:54 5,068,152 a------- c:\windows\system32\SpoonUninstall.exe
    2009-01-09 13:23 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-01-09 13:23 60,808 a------- c:\windows\system32\S32EVNT1.DLL
    2009-01-09 13:23 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-01-09 13:23 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
    2008-12-20 16:15 826,368 a------- c:\windows\system32\wininet.dll
    2007-10-22 02:11 405,448 a------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
    2007-02-09 18:19 24,192 a------- c:\documents and settings\owner\usbsermptxp.sys
    2007-02-09 18:19 22,768 a------- c:\documents and settings\owner\usbsermpt.sys
    2004-10-22 03:18 0 a--sh--- c:\windows\sminst\HPCD.sys
    2008-10-29 03:09 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102920081030\index.dat
    2008-10-29 03:12 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

    ============= FINISH: 18:35:57.37 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/22/2004 10:32:08 AM
    System Uptime: 2/26/2009 12:08:23 PM (6 hours ago)

    Motherboard: ASUSTeK Computer INC. | | A7N8X-LA
    Processor: AMD Athlon(tm) XP 2800+ | Socket A | 2079/166mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 106 GiB total, 56.882 GiB free.
    D: is FIXED (FAT32) - 6 GiB total, 0.952 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    L: is Removable
    M: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 12/17/2008 10:55:38 PM - System Checkpoint
    RP2: 12/17/2008 11:00:54 PM - Software Distribution Service 3.0
    RP3: 12/18/2008 11:27:12 PM - System Checkpoint
    RP4: 12/19/2008 11:45:18 PM - System Checkpoint
    RP5: 12/21/2008 5:25:54 AM - System Checkpoint
    RP6: 12/22/2008 5:56:30 AM - System Checkpoint
    RP7: 12/23/2008 6:05:34 AM - System Checkpoint
    RP8: 12/24/2008 7:03:50 AM - System Checkpoint
    RP9: 12/25/2008 8:03:50 AM - System Checkpoint
    RP10: 12/26/2008 9:03:54 AM - System Checkpoint
    RP11: 12/27/2008 2:32:12 PM - System Checkpoint
    RP12: 12/28/2008 3:52:21 PM - System Checkpoint
    RP13: 12/29/2008 3:19:51 PM - Installed Windows Defender
    RP14: 12/30/2008 2:19:35 AM - Software Distribution Service 3.0
    RP15: 12/31/2008 2:52:39 AM - System Checkpoint
    RP16: 12/31/2008 12:16:12 PM - Windows Defender Checkpoint
    RP17: 12/31/2008 3:30:04 PM - Windows Defender Checkpoint
    RP18: 1/1/2009 3:35:16 PM - System Checkpoint
    RP19: 1/2/2009 1:43:39 AM - Software Distribution Service 3.0
    RP20: 1/3/2009 2:33:45 AM - System Checkpoint
    RP21: 1/3/2009 7:21:04 PM - Windows Defender Checkpoint
    RP22: 1/4/2009 7:33:45 PM - System Checkpoint
    RP23: 1/5/2009 7:46:15 PM - System Checkpoint
    RP24: 1/6/2009 1:46:13 AM - Software Distribution Service 3.0
    RP25: 1/7/2009 2:33:43 AM - System Checkpoint
    RP26: 1/8/2009 3:33:47 AM - System Checkpoint
    RP27: 1/8/2009 11:35:01 AM - Software Distribution Service 3.0
    RP28: 1/9/2009 1:33:54 AM - Windows Defender Checkpoint
    RP29: 1/10/2009 2:31:31 AM - System Checkpoint
    RP30: 1/10/2009 1:27:56 PM - Windows Defender Checkpoint
    RP31: 1/11/2009 3:36:50 PM - Installed Windows NLSDownlevelMapping.
    RP32: 1/11/2009 3:37:34 PM - Installed Windows IDNMitigationAPIs.
    RP33: 1/11/2009 3:37:53 PM - Installed Windows Internet Explorer 7.
    RP34: 1/11/2009 3:52:46 PM - Software Distribution Service 3.0
    RP35: 1/12/2009 2:59:17 PM - Software Distribution Service 3.0
    RP36: 1/13/2009 11:04:18 AM - Software Distribution Service 3.0
    RP37: 1/14/2009 11:33:32 AM - System Checkpoint
    RP38: 1/15/2009 12:49:12 PM - System Checkpoint
    RP39: 1/16/2009 2:17:30 AM - Software Distribution Service 3.0
    RP40: 1/16/2009 11:27:29 AM - Windows Defender Checkpoint
    RP41: 1/17/2009 12:00:40 PM - System Checkpoint
    RP42: 1/18/2009 12:51:05 PM - Unsigned driver install
    RP43: 1/18/2009 3:22:46 PM - Removed Google Gears
    RP44: 1/18/2009 3:23:55 PM - Removed Bonjour
    RP45: 1/18/2009 5:34:06 PM - Installed LG USB Modem driver
    RP46: 1/18/2009 5:37:56 PM - Unsigned driver install
    RP47: 1/19/2009 2:57:11 PM - Software Distribution Service 3.0
    RP48: 1/20/2009 4:34:13 PM - System Checkpoint
    RP49: 1/21/2009 5:22:27 PM - System Checkpoint
    RP50: 1/22/2009 8:02:52 AM - Software Distribution Service 3.0
    RP51: 1/23/2009 8:03:52 AM - System Checkpoint
    RP52: 1/24/2009 8:50:52 AM - System Checkpoint
    RP53: 1/25/2009 8:51:57 AM - System Checkpoint
    RP54: 1/26/2009 10:29:46 AM - Software Distribution Service 3.0
    RP55: 1/27/2009 11:01:53 AM - System Checkpoint
    RP56: 1/28/2009 11:13:58 AM - System Checkpoint
    RP57: 1/29/2009 9:27:58 AM - Software Distribution Service 3.0
    RP58: 1/30/2009 9:39:25 AM - System Checkpoint
    RP59: 1/31/2009 10:25:54 AM - System Checkpoint
    RP60: 2/1/2009 10:33:15 AM - System Checkpoint
    RP61: 2/2/2009 11:03:52 AM - System Checkpoint
    RP62: 2/2/2009 1:36:59 PM - Software Distribution Service 3.0
    RP63: 2/2/2009 4:09:03 PM - Unsigned driver install
    RP64: 2/2/2009 4:44:18 PM - Unsigned driver install
    RP65: 2/2/2009 8:07:20 PM - 02-02-09
    RP66: 2/3/2009 4:25:18 AM - Installed Windows XP KB942288-v3.
    RP67: 2/4/2009 4:33:40 AM - System Checkpoint
    RP68: 2/4/2009 11:47:50 AM - Installed iTunes
    RP69: 2/4/2009 12:44:09 PM - Removed Apple Software Update
    RP70: 2/4/2009 12:45:51 PM - Removed Bonjour
    RP71: 2/4/2009 12:47:09 PM - Removed Apple Mobile Device Support
    RP72: 2/4/2009 12:51:23 PM - Configured iPod for Windows 2006-06-28
    RP73: 2/5/2009 2:03:45 PM - System Checkpoint
    RP74: 2/5/2009 8:45:35 PM - Software Distribution Service 3.0
    RP75: 2/6/2009 9:19:00 PM - System Checkpoint
    RP76: 2/7/2009 11:15:11 PM - System Checkpoint
    RP77: 2/8/2009 11:48:15 PM - System Checkpoint
    RP78: 2/9/2009 11:51:17 PM - System Checkpoint
    RP79: 2/10/2009 1:35:53 AM - Software Distribution Service 3.0
    RP80: 2/11/2009 1:47:45 AM - System Checkpoint
    RP81: 2/11/2009 3:00:33 AM - Software Distribution Service 3.0
    RP82: 2/12/2009 3:18:39 AM - System Checkpoint
    RP83: 2/13/2009 2:12:40 AM - Software Distribution Service 3.0
    RP84: 2/14/2009 2:18:52 AM - System Checkpoint
    RP85: 2/15/2009 2:35:41 AM - System Checkpoint
    RP86: 2/16/2009 3:18:39 AM - System Checkpoint
    RP87: 2/16/2009 8:53:56 AM - Software Distribution Service 3.0
    RP88: 2/17/2009 9:29:16 AM - System Checkpoint
    RP89: 2/18/2009 10:18:39 AM - System Checkpoint
    RP90: 2/19/2009 10:54:04 AM - System Checkpoint
    RP91: 2/19/2009 4:30:37 PM - Software Distribution Service 3.0
    RP92: 2/20/2009 5:24:53 PM - System Checkpoint
    RP93: 2/21/2009 10:19:26 PM - System Checkpoint
    RP94: 2/22/2009 10:25:57 PM - System Checkpoint
    RP95: 2/23/2009 7:59:33 PM - Software Distribution Service 3.0
    RP96: 2/24/2009 3:36:29 PM - Software Distribution Service 3.0
    RP97: 2/25/2009 7:28:21 PM - System Checkpoint

    ==== Installed Programs ======================


    23_24_2500Tour
    2400
    2400_2500Help
    2400_2500trb
    32 Bit HP CIO Components Installer
    7-Zip 4.42
    Adobe Flash Player 10 ActiveX
    Adobe GoLive CS (ENG)
    Adobe InDesign CS
    Adobe Photoshop CS
    Adobe Reader 7.0.5 Language Support
    Adobe Reader 7.1.0
    AIO_Scan
    AiOSoftware
    Amazon MP3 Downloader 1.0.3
    AppCore
    ArcSoft Camera Suite
    ArcSoft ShowBiz DVD 2
    BitPim 1.0.6
    BufferChm
    C7200
    C7200_Help
    Cards_Calendar_OrderGift_DoMorePlugout
    ccCommon
    Component Framework
    Copy
    Corel Business Applications
    CreativeProjects
    CreativeProjectsTemplates
    CueTour
    CustomerResearchQFolder
    dBpoweramp Music Converter
    DesignPro 5.0 Limited Edition
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    DocumentViewer
    eSupportQFolder
    Fax
    Free CD to MP3 Converter
    Google Update
    GPBaseService
    HijackThis 1.99.1
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    HP Customer Participation Program 10.0
    HP Deskjet Preloaded Printer Drivers
    HP Image Zone 4.2
    HP Imaging Device Functions 10.0
    HP Instant Support
    HP Photosmart All-In-One Driver Software 10.0 Rel .2
    HP Photosmart Essential
    HP Photosmart Essential 2.5
    HP PSC & OfficeJet 4.2
    HP Smart Web Printing
    HP Solution Center 10.0
    HP Update
    HPImageZone
    HPIZ Fix2
    hpmdtab
    HPODiscovery
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HpSdpAppCoreApp
    HPSSupply
    HPSystemDiagnostics
    IconEasel 98 / EasyIcons 98 v6.2
    Icons from File 3.0
    ImageMixer for Sony
    IncrediMail
    InstantShare
    Intel(R) Extreme Graphics Driver
    IntelliMover Data Transfer Demo
    IomegaWare 4.0.2
    iPod for Windows 2006-06-28
    iTunes
    J2SE Runtime Environment 5.0 Update 3
    LG USB Modem driver
    LightScribe 1.4.142.1
    LiveUpdate (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Macromedia Shockwave Player
    Magentic
    Malwarebytes' Anti-Malware
    MarketResearch
    Memories Disc Creator 2.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Easy Assist
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Internet Explorer Administration Kit 5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Media Manager 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional with FrontPage
    Microsoft Picture It! 99
    Microsoft Publisher 2002
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Media Video 9 VCM
    Microsoft Works 7.0
    MicroStaff WINASPI
    mobile PhoneTools
    Morpheus Toolbar
    Motorola Driver Installation
    Motorola PST
    Motorola Software Update
    Motorola USB Drivers
    MP3 Converter Simple
    Mp3 Recorder (remove only)
    MSN Music Assistant
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Multimedia Card Reader
    Need2Find Bar
    Nero 7 Demo
    Norton AntiVirus
    Norton AntiVirus Help
    Norton Confidential Core
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Norton Protection Center
    NVIDIA Drivers
    NVIDIA Ethernet Driver
    NVIDIA Gart Driver
    NVIDIA Windows 2000/XP Display Drivers
    OCR Software by I.R.I.S. 10.0
    Overland
    PanoStandAlone
    PDFCreator
    Peak JetEffects Version 2.5
    Photo Loader 2.3E
    Photo Viewer 2.4
    PhotoGallery
    Photohands 1.0E
    PrintScreen
    ProductContext
    ProWrite 2005
    PS_AIO_02_ProductContext
    PS_AIO_02_Software
    PS_AIO_02_Software_Min
    PSSWCORE
    QFolder
    QuickProjects
    QuickTime
    Readme
    Registry Mechanic 8.0
    RSD_LITE_1_7_1
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960715)
    Shop for HP Supplies
    SkinsHP1
    SkinsHP2
    SmartWebPrintingOC
    SolutionCenter
    SPBBC 32bit
    Status
    SUPERAntiSpyware Free Edition
    Symantec Network Drivers Update
    Symantec Real Time Storage Protection Component
    Symantec Technical Support Web Controls
    SymNet
    Toolbox
    toolkit
    TrayApp
    Ulead DVD PictureShow 2 SE Basic
    Ulead Movie Wizard SE VCD
    Ulead Photo Explorer 8.0 SE Basic
    Unload
    UnloadSupport
    UnRAR for Windows
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Updates from HP
    VideoToolkit01
    Voice-Warper 1
    WebFldrs XP
    WebReg
    WIBU-KEY Setup (WIBU-KEY Remove)
    WIDI Recognition System Pro 3.3 (remove only)
    WinAce Archiver
    Windows Defender
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    2/20/2009 11:58:17 AM, error: Dhcp [1002] - The IP address lease 68.3.65.42 for the Network Card with network address 000C6EDE1861 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    2/20/2009 12:22:41 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    2/23/2009 6:36:29 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    2/23/2009 6:36:29 PM, error: Service Control Manager [7034] - The Ulead Burning Helper service terminated unexpectedly. It has done this 1 time(s).
    2/23/2009 6:36:52 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    2/23/2009 5:39:54 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file setup.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.

    ==== End Of File ===========================

    Thank you so much for your help!
    :)
     
    Lisa,
    #4
  6. 2009/02/27
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Hi and welcome

    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3

    --------------------------------------------------------------------
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html


    Double click on Combo-Fix.exe & follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

    Please only run the tool once, ty.

    Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

    You may need several replies to post the requested logs, otherwise they might get cut off.
     
  7. 2009/02/27
    Lisa

    Lisa Inactive Thread Starter

    Joined:
    2009/02/26
    Messages:
    6
    Likes Received:
    0
    Search engine redirect fix - combofix doesn't work.

    I tried all of the combofix links and none of them work. They create a file called nircmd.com which, when clicked on, brings up Notepad with garbled characters. I tried to copy and paste what was there and this is all that will paste:

    MZ

    Help, please!

    Thank you
     
    Lisa,
    #6
  8. 2009/02/27
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Sounds like you tried downloading with more than one already on the machine.

    Find what you tried to download, right click and select delete.


    Download worksnow from HERE:

    * IMPORTANT !!! Save worksnow to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs

    • Double click on worksnow & follow the prompts.

      Note: worksnow will run without the Recovery Console installed.
    • As part of its process, combofix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    "copy/paste" a new HijackThis log file into this thread as well.

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Give it at least 20-30 minutes to finish if needed.
     
  9. 2009/02/27
    Lisa

    Lisa Inactive Thread Starter

    Joined:
    2009/02/26
    Messages:
    6
    Likes Received:
    0
    Tried worksnow and got same result: nircmd.com (at top says "This program cannot be run in dos mode" if that helps any)

    :-(
     
    Lisa,
    #8
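Added example, not part of the thread: the "MZ" text and the "This program cannot be run in DOS mode" string reported in the posts above are what the start of a Windows executable looks like when the file is opened as text. The Python sketch below checks a file's header for those markers regardless of its extension; the sample bytes are constructed and the function names are hypothetical.

```python
import struct

DOS_STUB_TEXT = b"This program cannot be run in DOS mode"
MACHINES = {0x014C: "x86", 0x8664: "x64"}


def build_sample_pe():
    """Constructed sample: DOS header, stub text, PE signature, COFF header."""
    e_lfanew = 0x80                              # offset of the PE signature
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"                             # DOS header magic
    struct.pack_into("<I", dos, 0x3C, e_lfanew)  # e_lfanew field lives at 0x3C
    dos[0x4E:0x4E + len(DOS_STUB_TEXT)] = DOS_STUB_TEXT
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff


def classify(data):
    """Report which executable markers are present in the leading bytes."""
    info = {"mz": False, "dos_stub_text": False, "pe": False, "machine": None}
    if data[:2] != b"MZ":
        return info                              # not a DOS/PE image at all
    info["mz"] = True
    info["dos_stub_text"] = DOS_STUB_TEXT in data[:0x400]
    if len(data) < 0x40:
        return info                              # truncated DOS header
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 6 > len(data):
        return info                              # PE header offset past end of data
    if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
        info["pe"] = True
        (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
        info["machine"] = MACHINES.get(machine, hex(machine))
    return info


def classify_file(path):
    """Read only the first 4 KiB of a file and classify it."""
    with open(path, "rb") as fh:
        return classify(fh.read(4096))


if __name__ == "__main__":
    print(classify(build_sample_pe()))
    print(classify(b"plain text log\r\n"))
```

A file that reports `mz` and `pe` as true is a Windows program whatever its extension says, so seeing it as garbled text means it was opened in an editor rather than executed.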
  10. 2009/02/27
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Try one more time....
    And if it does the same thing.....Open Task Manager (Right click on the tool bar, then select Task Manager)
    Click on the Processes tab, scroll to nircmd.com and if found, right click on that and end task.

    Run now?
     
  11. 2009/02/27
    Lisa

    Lisa Inactive Thread Starter

    Joined:
    2009/02/26
    Messages:
    6
    Likes Received:
    0
    Tried again, same thing. Went into task mgr and no listing of nircmd.com.
     
  12. 2009/02/27
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    OK

    We'll continue.


    Please download Malwarebytes' Anti-Malware to your desktop

    Additional Link

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location.
    * You can also access the log by doing the following:

    o Click on the Malwarebytes' Anti-Malware icon to launch the program.
    o Click on the Logs tab.
    o Click on the log at the bottom of those listed to highlight it.
    o Click Open.

    Tutorial if needed
    http://thespykiller.co.uk/index.php/topic,5946.0.html

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    NEXT**
    Please download JavaRa to your desktop and unzip it to its own folder

    Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    Accept any prompts.
    Open JavaRa.exe again and select Search For Updates.
    Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    NEXT**
    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program
    as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================



    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

    Other available links
    Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
      * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report. To obtain the report:
    Click on: Save Report As
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select:
    Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note.. for Internet Explorer 7 users:
    If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419





    In your next reply post:
    Malwarebytes' Anti-Malware log
    Kaspersky log
    New HJT log
     
  13. 2009/05/21
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Due to the lack of feedback this Topic is closed.


    If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter.
     