
Solved Google redirect and Jump problem

Discussion in 'Malware and Virus Removal Archive' started by elfagobarcus, 2010/10/15.

  1. 2010/10/18
    broni (Moderator, Malware Analyst)

    That's a program glitch. Don't worry about it.

    Haha... I can see that ESET classified ComboFix as a trojan... LOL

    Make sure you delete this:
    - D:\My Downloads\CVirus.exe
    and empty the Recycle Bin afterwards.

    Then....

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  2. 2010/10/18
    elfagobarcus (Thread Starter)

    You won't believe this. Last night I thought we had it. I logged off and let the computer run. This morning when I tried to get to you at WindowsBBS I got a parallel website that loaded; the address briefly showed as "Google-analytical", then all kinds of other sites started showing up.

    I re-ran ESET and it found a virus called HTML B.gen, 3 occurrences of it. I didn't have them removed; wondering why AVG Free didn't get it, I scanned the whole computer with AVG. It found nothing. Neither did SuperAntiSpyware.

    What now?
     
    Last edited: 2010/10/18


  4. 2010/10/18
    broni (Moderator, Malware Analyst)

    I need to see the ESET log to comment.
     
  5. 2010/10/18
    elfagobarcus (Thread Starter)

    Sorry for the delay. I cannot believe the difference between this one and the one I didn't keep.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\684HQ61R\PopularScreenSaversInitialSetup1.0.1.1[1].cab Win32/AdInstaller application
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FC4HWT13\index[3].htm HTML/Iframe.B.Gen virus
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FC4HWT13\index[5].htm HTML/Iframe.B.Gen virus
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FC4HWT13\index[6].htm HTML/Iframe.B.Gen virus
    C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL Win32/Adware.FunWeb application
    C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL Win32/Adware.FunWeb application
    C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL Win32/Toolbar.MyWebSearch.G application
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL a variant of Win32/Toolbar.MyWebSearch.B application
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL Win32/Adware.FunWeb application
    C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL Win32/Toolbar.MyWebSearch.G application
    C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL a variant of Win32/Toolbar.MyWebSearch.D application
    C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE Win32/Adware.FunWeb application
    C:\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL Win32/Toolbar.MyWebSearch.H application
    C:\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL a variant of Win32/Toolbar.MyWebSearch.I application
    C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL a variant of Win32/Toolbar.MyWebSearch.J application
    C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE Win32/Toolbar.MyWebSearch.J application
    C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE Win32/Toolbar.MyWebSearch.I application
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL a variant of Win32/Toolbar.MyWebSearch.K application
    C:\Program Files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL Win32/Toolbar.MyWebSearch.J application
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\1.bin\MWSUABTN.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL Win32/Toolbar.MyWebSearch application
    C:\WINDOWS\system32\f3PSSavr.scr Win32/Toolbar.MyWebSearch application
    D:\My Downloads\ComboFix.exe a variant of Win32/Kryptik.YI trojan

    The AVG Free edition was updated between these two runs. Just in case that makes a difference.
     
    Last edited: 2010/10/18
  6. 2010/10/18
    broni (Moderator, Malware Analyst)

    This cannot happen without you installing something bad or going to some bad site.

    Your computer was perfectly clean.

    MyWebSearch is easily detected and removed by MBAM and it wasn't there before.

    Re-run ESET and let it fix all issues.

    Update MBAM, run new scan and post fresh log.
     
  7. 2010/10/19
    elfagobarcus (Thread Starter)

    Sorry about the ***** up. The only place I visited was the upgrade of AVG. The AVG/Yahoo toolbar I believe to be the bad apple.

    I ran the ESET and cleaned it all off. Now I can't get the Malware program MBAM to update. It tells me to report the error to the website. I even downloaded another version and the same thing happened. AVG was turned off.

    I had a terrible time getting to the MBAM site. It keeps redirecting me.
     
  8. 2010/10/19
    broni (Moderator, Malware Analyst)

    I think we have to re-run some tools.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename ComboFix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If ComboFix asks you to install the Recovery Console, please allow it.
      NOTE 2. If ComboFix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
      • If there is no internet connection after running ComboFix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with ComboFix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. 2010/10/19
    elfagobarcus (Thread Starter)

    10-19-2010 file

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000000fd

    Kernel Drivers (total 128):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF75A8000 ACPI.sys
    0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7597000 pci.sys
    0xF75F7000 isapnp.sys
    0xF798B000 ViaIde.sys
    0xF7707000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
    0xF7607000 MountMgr.sys
    0xF74D8000 ftdisk.sys
    0xF770F000 videX32.sys
    0xF7717000 PartMgr.sys
    0xF7617000 VolSnap.sys
    0xF74C0000 atapi.sys
    0xF74A3000 viamraid.sys
    0xF748B000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xF7627000 disk.sys
    0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF746B000 fltMgr.sys
    0xF7459000 sr.sys
    0xF771F000 PxHelp20.sys
    0xF7442000 KSecDD.sys
    0xF7B52000 Ntfs.sys
    0xF7415000 NDIS.sys
    0xF7727000 viaagp1.sys
    0xF787D000 Mup.sys
    0xF772F000 avgrkx86.sys
    0xF7647000 AVGIDSEH.Sys
    0xBA768000 \SystemRoot\system32\DRIVERS\amdk7.sys
    0xB9C60000 \SystemRoot\system32\DRIVERS\vtmini.sys
    0xB9C4C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xBA758000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA748000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA738000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB9C29000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF7807000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB9C05000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF780F000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB9BD2000 \SystemRoot\system32\drivers\vinyl97.sys
    0xB9BAE000 \SystemRoot\system32\drivers\portcls.sys
    0xF7677000 \SystemRoot\system32\drivers\drmk.sys
    0xF7687000 \SystemRoot\system32\DRIVERS\fetnd5bv.sys
    0xF7817000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF7697000 \SystemRoot\system32\DRIVERS\serial.sys
    0xBA7E8000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB9B9A000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF76A7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF781F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB9FD2000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF76B7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA7E4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB9B83000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF76C7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF76D7000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xB9EAE000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB9AD2000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF76E7000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xB9EA6000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xB9E9E000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF76F7000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xB9E96000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF79A5000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB9A74000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA734000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7587000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7577000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79A7000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB9E8E000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF7557000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
    0xF791B000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF7547000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xB9E86000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF791F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB89D7000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79A9000 \SystemRoot\System32\Drivers\Beep.SYS
    0xB9E76000 \SystemRoot\System32\drivers\vga.sys
    0xF79AB000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79AD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB9E6E000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xB9E66000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7927000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB897D000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB8924000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB88DC000 \SystemRoot\system32\DRIVERS\avgtdix.sys
    0xB88B6000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF7537000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB888E000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB886C000 \SystemRoot\System32\drivers\afd.sys
    0xF7527000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB87AA000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xF7757000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xB877F000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB870F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF7517000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB86D3000 \SystemRoot\system32\DRIVERS\avgldx86.sys
    0xF775F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xF7767000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xF793B000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF776F000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xF7777000 \SystemRoot\system32\DRIVERS\HPZius12.sys
    0xF7507000 \SystemRoot\system32\DRIVERS\HPZid412.sys
    0xF7943000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
    0xB7DED000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xBA7C8000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB7D5D000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF79B5000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB7E19000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF77A7000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7ABF000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\vtdisp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB3429000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB3140000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB31F5000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB2E3D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF79A3000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xB2EDA000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
    0xB2CF5000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB2DCD000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
    0xB2E6E000 \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
    0xB2A4D000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
    0xB25AB000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB1F0F000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 42):
    0 System Idle Process
    4 System
    536 C:\WINDOWS\system32\smss.exe
    584 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    764 csrss.exe
    788 C:\WINDOWS\system32\winlogon.exe
    836 C:\WINDOWS\system32\services.exe
    848 C:\WINDOWS\system32\lsass.exe
    1016 C:\WINDOWS\system32\svchost.exe
    1096 svchost.exe
    1232 C:\WINDOWS\system32\svchost.exe
    1304 svchost.exe
    1496 svchost.exe
    1740 C:\WINDOWS\explorer.exe
    1864 C:\WINDOWS\system32\spoolsv.exe
    2008 C:\WINDOWS\system32\VTTimer.exe
    152 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    220 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    228 C:\Program Files\AVG\AVG10\avgtray.exe
    236 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    244 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    288 C:\WINDOWS\system32\ctfmon.exe
    344 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    400 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    768 svchost.exe
    984 C:\Program Files\AVG\AVG10\avgwdsvc.exe
    1032 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    1168 C:\Program Files\Java\jre6\bin\jqs.exe
    1368 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1524 C:\WINDOWS\system32\IoctlSvc.exe
    1644 C:\WINDOWS\system32\HPZipm12.exe
    1736 C:\Program Files\UPHClean\uphclean.exe
    284 C:\WINDOWS\system32\searchindexer.exe
    1364 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    2112 C:\Program Files\AVG\AVG10\avgnsx.exe
    2128 C:\Program Files\AVG\AVG10\avgemcx.exe
    2276 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    2936 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    3324 alg.exe
    2424 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    2584 C:\Program Files\AVG\AVG10\avgcsrvx.exe
    3496 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600JB-00GVC0, Rev: 08.02D08
    PhysicalDrive1 Model Number: WDCWD400BB-23JHA1, Rev: 06.01C06

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    37 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
     
    Last edited: 2010/10/19
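An added example, not part of the thread and not MBRCheck's own code: the checks MBRCheck's output above implies, done by hand on a 512-byte sector. It hashes only the boot-code portion (which is why the two differently partitioned drives above can report the same SHA1), verifies the 0x55AA boot signature, walks the partition table, and confirms that the first partition's LBA start times 512 equals the "at offset 0x7e00" figure reported for C: (63 × 512 = 0x7E00). The MBR bytes, the baseline hash set and the 440-byte hash range are constructed assumptions for this illustration; the real XP boot code is not reproduced here.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439 hold the boot loader; 440..443 the disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def read_mbr(device_or_image: str) -> bytes:
    r"""Read sector 0 of a disk or raw image (r"\\.\PhysicalDrive0" on Windows needs admin)."""
    with open(device_or_image, "rb") as f:
        return f.read(SECTOR)


def parse_mbr(mbr: bytes) -> dict:
    """Split one 512-byte MBR into boot-code hash, disk signature and partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs_a, ptype, _chs_b, lba_start, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype != 0:   # type 0 = empty slot
            partitions.append({
                "index": i, "bootable": status == 0x80, "type": ptype,
                "lba_start": lba_start, "sectors": count,
                "byte_offset": lba_start * SECTOR,   # what MBRCheck prints as "at offset"
            })
    return {
        # Only the boot code is hashed, not the partition table (assumed hash range).
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack("<I", mbr[440:444])[0],
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, known_good_sha1s: set, expected_offsets: dict) -> list:
    """Findings against a baseline; an empty list means the MBR matches."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha1"] not in known_good_sha1s:
        findings.append(f"boot code SHA1 {info['boot_code_sha1']} not in baseline")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected 1")
    for volume, offset in expected_offsets.items():
        if not any(p["byte_offset"] == offset for p in info["partitions"]):
            findings.append(f"{volume}: no partition starts at offset {offset:#x}")
    return findings


def build_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a constructed MBR for testing (boot code, disk signature, table, 0x55AA)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(
        struct.pack(ENTRY_FMT, status, b"\xff\xff\xff", ptype, b"\xff\xff\xff", lba, count)
        for status, ptype, lba, count in partitions
    ).ljust(64, b"\x00")
    return code + b"\x12\x34\x56\x78" + b"\x00\x00" + table + BOOT_SIGNATURE


# Constructed sample: a few bytes of fake loader code, one active NTFS partition
# starting at LBA 63 (63 * 512 = 0x7E00, the offset reported for C: above).
GOOD_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 64
GOOD_MBR = build_mbr(GOOD_CODE, [(0x80, 0x07, 63, 312_581_745)])
# Same partition table, first instructions replaced: the shape of a bootkit.
TAMPERED_MBR = build_mbr(b"\xEB\x40" + GOOD_CODE, [(0x80, 0x07, 63, 312_581_745)])
# Baseline captured once from a machine known to be clean (assumption: kept offline).
BASELINE = {parse_mbr(GOOD_MBR)["boot_code_sha1"]}

if __name__ == "__main__":
    for label, mbr in (("good", GOOD_MBR), ("tampered", TAMPERED_MBR)):
        print(label, parse_mbr(mbr)["boot_code_sha1"], check_mbr(mbr, BASELINE, {"C:": 0x7E00}) or "OK")
```

The point of keeping a baseline hash rather than trusting "Windows XP MBR code detected" alone is that a tool's signature list can lag a new bootkit; comparing against a hash captured from a known-clean machine of the same Windows version catches any change to the loader bytes, while the offset check catches a partition table that has been redirected to a hidden sector.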
  10. 2010/10/19
    elfagobarcus (Thread Starter)

    ComboFix 10-10-18.06 - Owner 10/19/2010 17:03:22.3.1 - x86
    Running from: c:\documents and settings\Owner\Desktop\ComboFix1.exe
    AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system\winspool.drv

    Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-19 to 2010-10-19 )))))))))))))))))))))))))))))))
    .

    2010-10-18 21:31 . 2010-10-19 14:40 -------- d-----w- c:\windows\system32\drivers\AVG
    2010-10-18 21:31 . 2010-10-18 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
    2010-10-18 21:22 . 2010-10-18 21:22 -------- d-----w- C:\AVGTemp
    2010-10-18 20:22 . 2010-10-18 20:22 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG10
    2010-10-18 20:21 . 2010-10-18 20:21 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2010-10-18 20:20 . 2010-10-18 20:20 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG9
    2010-10-18 19:57 . 2010-10-18 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2010-10-18 02:51 . 2010-10-18 02:51 -------- d-----w- c:\program files\ESET
    2010-10-18 02:26 . 2010-10-18 02:26 -------- d-----w- C:\_OTL
    2010-10-18 02:12 . 2010-10-18 02:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-10-18 02:02 . 2010-10-18 02:02 -------- d-----w- C:\Programs
    2010-10-17 02:43 . 2010-10-17 02:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2010-10-17 02:43 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-17 02:43 . 2010-10-17 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-17 02:43 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-17 02:43 . 2010-10-19 06:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-14 08:03 . 2006-01-01 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
    2010-10-08 04:01 . 2010-10-08 04:01 -------- d-----w- c:\documents and settings\Owner\Application Data\KompoZer
    2010-10-05 02:55 . 2006-05-04 13:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
    2010-10-05 02:55 . 2005-10-04 06:39 44544 ----a-w- c:\windows\system32\msxml4a.dll
    2010-10-05 02:54 . 2010-10-05 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\LGMOBILEAX
    2010-09-21 16:41 . 2010-09-21 16:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2010-09-21 16:38 . 2010-10-19 13:25 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-09-21 16:37 . 2010-09-21 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2010-09-21 16:37 . 2010-09-21 16:37 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-09-21 15:42 . 2010-09-24 04:00 -------- d-----w- c:\documents and settings\Owner\Application Data\ImgBurn
    2010-09-21 15:26 . 2010-09-21 15:26 -------- d-----w- c:\program files\ImgBurn
    2010-09-21 00:24 . 2010-09-21 00:24 -------- d-----w- c:\documents and settings\Owner\Application Data\DriverCure
    2010-09-21 00:24 . 2010-09-21 00:24 -------- d-----w- c:\documents and settings\Owner\Application Data\ParetoLogic
    2010-09-21 00:24 . 2010-09-21 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2010-09-20 15:32 . 2010-09-20 15:32 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
    2010-09-20 15:32 . 2010-09-20 15:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-09-20 15:28 . 2010-09-20 15:29 -------- dc-h--w- c:\windows\ie8
    2010-09-20 15:27 . 2010-09-20 15:27 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-09-20 02:19 . 2010-09-20 03:37 -------- d-----w- c:\program files\Windows Live Safety Center

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-10-17_19.05.22 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
    + 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
    + 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
    + 2010-10-19 22:11 . 2010-10-19 22:11 16384 c:\windows\Temp\Perflib_Perfdata_39c.dat
    + 2010-09-07 08:48 . 2010-09-07 08:48 26064 c:\windows\system32\drivers\avgrkx86.sys
    + 2010-09-07 08:48 . 2010-09-07 08:48 34384 c:\windows\system32\drivers\avgmfx86.sys
    + 2010-08-20 02:42 . 2010-08-20 02:42 26192 c:\windows\system32\drivers\AVGIDSShim.sys
    + 2010-08-20 02:42 . 2010-08-20 02:42 30288 c:\windows\system32\drivers\AVGIDSFilter.sys
    + 2010-09-13 21:27 . 2010-09-13 21:27 25680 c:\windows\system32\drivers\AVGIDSEH.sys
    - 2010-07-15 22:00 . 2010-10-16 14:37 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2010-10-19 14:45 . 2010-10-19 14:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2010-07-15 22:00 . 2010-10-16 14:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2010-07-15 22:00 . 2010-10-19 14:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2010-07-15 22:00 . 2010-10-16 14:37 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2010-10-19 14:45 . 2010-10-19 14:45 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    + 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
    - 2010-08-19 20:37 . 2010-07-17 10:00 153376 c:\windows\system32\javaws.exe
    + 2010-10-18 02:12 . 2010-10-18 02:11 153376 c:\windows\system32\javaws.exe
    - 2010-08-19 20:37 . 2010-07-17 10:00 145184 c:\windows\system32\javaw.exe
    + 2010-10-18 02:12 . 2010-10-18 02:11 145184 c:\windows\system32\javaw.exe
    + 2010-10-18 02:12 . 2010-10-18 02:11 145184 c:\windows\system32\java.exe
    - 2010-08-19 20:37 . 2010-07-17 10:00 145184 c:\windows\system32\java.exe
    + 2010-09-07 08:49 . 2010-09-07 08:49 298448 c:\windows\system32\drivers\avgtdix.sys
    + 2010-09-07 08:48 . 2010-09-07 08:48 249424 c:\windows\system32\drivers\avgldx86.sys
    + 2010-08-20 02:42 . 2010-08-20 02:42 123472 c:\windows\system32\drivers\AVGIDSDriver.sys
    + 2010-07-16 12:36 . 2010-10-18 02:11 472808 c:\windows\system32\deployJava1.dll
    + 2010-10-18 02:11 . 2010-10-18 02:11 677376 c:\windows\Installer\b19642.msi
    + 2010-10-18 20:17 . 2010-10-18 20:17 219648 c:\windows\Installer\185856b.msi
    + 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
    + 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
    + 2010-10-18 20:20 . 2010-10-18 20:20 3009024 c:\windows\Installer\1858573.msi
    + 2010-10-18 20:17 . 2010-10-18 20:17 1542656 c:\windows\Installer\185856f.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"="c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-08-27 2565448]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2010-08-27 20:25 2565448 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"="c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-08-27 2565448]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-01 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer"="VTTimer.exe" [2006-08-15 53248]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
    "HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-10-13 6238016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "_nltide_3"="advpack.dll" [2009-03-08 128512]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-9-26 113664]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel "= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe "=
    "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe "=
    "c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe "=
    "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe "=
    "c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe "=
    "c:\\Program Files\\AVG\\AVG10\\avgemcx.exe "=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP "= 5985:TCP:*:Disabled:Windows Remote Management

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
    R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-08-27 488776]
    R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2006-01-01 14336]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2010-09-07 298448]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-09-03 6104144]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2010-09-10 265400]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-20 123472]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-20 30288]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-20 26192]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - uphcleanhlp

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-04-19 18:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.foxnews.com/?o=15784&l=dis
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-avgrsstarter - avgrsstx.dll


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(792)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\ACTIVEDS.dll

    - - - - - - - > 'explorer.exe'(556)
    c:\windows\system32\WININET.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\AVG\AVG10\avgchsvx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\IoctlSvc.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\UPHClean\uphclean.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\VTTimer.exe
    c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    c:\program files\AVG\AVG10\avgnsx.exe
    c:\program files\AVG\AVG10\avgemcx.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\progra~1\AVG\AVG10\avgrsx.exe
    c:\program files\AVG\AVG10\avgcsrvx.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-19 17:17:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-19 22:17
    ComboFix2.txt 2010-10-17 20:59
    ComboFix3.txt 2010-10-17 19:09

    Pre-Run: 95,771,598,848 bytes free
    Post-Run: 95,862,087,680 bytes free

    - - End Of File - - 2DC006EDC87B26E3C2F5A8807BFE2F60
     
  11. 2010/10/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    See, if you can update and run MBAM now.
     
  12. 2010/10/19
    elfagobarcus

    elfagobarcus Inactive Thread Starter

    Joined:
    2010/10/15
    Messages:
    35
    Likes Received:
    0
    Sorry, I still get the error message. Should I uninstall it and download it again to see if it will play?
     
  13. 2010/10/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Follow steps from HERE to fully uninstall MBAM.
    Reinstall afterwards.
     
  14. 2010/10/19
    elfagobarcus

    elfagobarcus Inactive Thread Starter

    Joined:
    2010/10/15
    Messages:
    35
    Likes Received:
    0
    Sorry, same error. An error has occurred. Please report this error code to our support team. mbam_updating_error (12007, 0, WinHttpSendRequest)
     
  15. 2010/10/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply with a new HijackThis log.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
     
  16. 2010/10/20
    elfagobarcus

    elfagobarcus Inactive Thread Starter

    Joined:
    2010/10/15
    Messages:
    35
    Likes Received:
    0
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/20/2010 at 00:43 AM

    Application Version : 4.44.1000

    Core Rules Database Version : 5717
    Trace Rules Database Version: 3529

    Scan type : Complete Scan
    Total Scan Time : 01:18:03

    Memory items scanned : 224
    Memory threats detected : 0
    Registry items scanned : 7249
    Registry threats detected : 0
    File items scanned : 19958
    File threats detected : 65

    Adware.Tracking Cookie
    C:\Documents and Settings\Owner\Cookies\owner@tracking.foxnews[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@ads.creafi[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@content.yieldmanager[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@bizzclick[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@ad.wsod[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@adxpose[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@clicksor[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@ads.infinisource[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@apmebf[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@clicks.fastgetonline[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@content.yieldmanager[3].txt
    C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@ru4[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@trafficengine[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@shopica[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@myroitracking[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@www.pixeltrack66[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@www.epoclick[1].txt

    Adware.MyWebSearch/FunWebProducts
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP207\A0035587.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035938.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035939.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035940.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035942.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035943.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035944.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035945.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035946.SCR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035948.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035949.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035950.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035968.SCR

    Adware.MyWebSearch
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP207\A0035637.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035941.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035947.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035951.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035952.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035953.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035954.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035955.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035956.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035957.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035958.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035959.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035960.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035961.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035962.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035963.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035964.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035965.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035966.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035967.DLL

    Trojan.Agent/Gen-Nullo[Short]
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035988.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035989.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035991.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035992.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035993.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{07050E36-C211-4072-B915-2324B803CCFD}\RP208\A0035994.EXE
     
  17. 2010/10/20
    elfagobarcus

    elfagobarcus Inactive Thread Starter

    Joined:
    2010/10/15
    Messages:
    35
    Likes Received:
    0
    I tried to run MBAM but it still gets the same error.
     
  18. 2010/10/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    Alternative download: http://majorgeeks.com/Dr.Web_CureIT_d4783.html

    • Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer, because it is possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.
     
  19. 2010/10/21
    elfagobarcus

    elfagobarcus Inactive Thread Starter

    Joined:
    2010/10/15
    Messages:
    35
    Likes Received:
    0
    I can't believe it took 23 hours of computer running to get this report. Hope it gives you the info that you want. The first time the computer rebooted and I tried to get to windowsbbs.com, I got redirected to a quiz site.

    DrWeb
    ComboFix.exe\32788R22FWJFW\Create.cmd;C:\Documents and Settings\Owner\Desktop\ComboFix.exe;Probably BATCH.Virus;;
    ComboFix.exe;C:\Documents and Settings\Owner\Desktop;Archive contains infected objects;;
    ComboFix1.exe\32788R22FWJFW\Create.cmd;C:\Documents and Settings\Owner\Desktop\ComboFix1.exe;Probably BATCH.Virus;;
    ComboFix1.exe;C:\Documents and Settings\Owner\Desktop;Archive contains infected objects;;
    Fixwareout.exe/data002\{app}\FindT\nircmd.exe;C:\My Downloads\Fixwareout.exe/data002;Tool.NirCmd.1;;
    data002;C:\My Downloads;Container contains infected objects;;
    Fixwareout.exe;C:\My Downloads;Container contains infected objects;Moved.;
    ELADownloadInstaller.exe/Easylinkadvisorweb.exe\GTDOWN.OCX;C:\My Downloads\Linksys\ELADownloadInstaller.exe/Easylinkadvisorweb.exe;Adware.Gdown;;
    Easylinkadvisorweb.exe;C:\My Downloads\Linksys;Archive contains infected objects;;
    ELADownloadInstaller.exe;C:\My Downloads\Linksys;Archive contains infected objects;Moved.;
    A0025245.exe/data002\{app}\FindT\nircmd.exe;C:\System Volume Information\_restore{07050E36-C211-4072-B915-2324B803CCFD}\RP172\A0025245.exe/data002;Tool.NirCmd.1;;
    data002;C:\System Volume Information\_restore{07050E36-C211-4072-B915-2324B803CCFD}\RP172;Container contains infected objects;;
    A0025245.exe;C:\System Volume Information\_restore{07050E36-C211-4072-B915-2324B803CCFD}\RP172;Container contains infected objects;Moved.;
    A0033515.cmd;C:\System Volume Information\_restore{07050E36-C211-4072-B915-2324B803CCFD}\RP198;Probably BATCH.Virus;;
    A0033656.cmd;C:\System Volume Information\_restore{07050E36-C211-4072-B915-2324B803CCFD}\RP198;Probably BATCH.Virus;;
    A0036152.cmd;C:\System Volume Information\_restore{07050E36-C211-4072-B915-2324B803CCFD}\RP209;Probably BATCH.Virus;;
    A0038344.exe/data002\{app}\FindT\nircmd.exe;C:\System Volume Information\_restore{07050E36-C211-4072-B915-2324B803CCFD}\RP210\A0038344.exe/data002;Tool.NirCmd.1;;
    data002;C:\System Volume Information\_restore{07050E36-C211-4072-B915-2324B803CCFD}\RP210;Container contains infected objects;;
    A0038344.exe;C:\System Volume Information\_restore{07050E36-C211-4072-B915-2324B803CCFD}\RP210;Container contains infected objects;Moved.;
    A0038346.exe/Easylinkadvisorweb.exe\GTDOWN.OCX;C:\System Volume Information\_restore{07050E36-C211-4072-B915-2324B803CCFD}\RP210\A0038346.exe/Easylinkadvisorweb.exe;Adware.Gdown;;
    Easylinkadvisorweb.exe;C:\System Volume Information\_restore{07050E36-C211-4072-B915-2324B803CCFD}\RP210;Archive contains infected objects;;
    A0038346.exe;C:\System Volume Information\_restore{07050E36-C211-4072-B915-2324B803CCFD}\RP210;Archive contains infected objects;Moved.;
    Fixwareout.exe/data002\{app}\FindT\nircmd.exe;D:\My Downloads\Fixwareout.exe/data002;Tool.NirCmd.1;;
    data002;D:\My Downloads;Container contains infected objects;;
    Fixwareout.exe;D:\My Downloads;Container contains infected objects;Moved.;
    A0038374.exe/data002\{app}\FindT\nircmd.exe;D:\System Volume Information\_restore{07050E36-C211-4072-B915-2324B803CCFD}\RP211\A0038374.exe/data002;Tool.NirCmd.1;;
    data002;D:\System Volume Information\_restore{07050E36-C211-4072-B915-2324B803CCFD}\RP211;Container contains infected objects;;
    A0038374.exe;D:\System Volume Information\_restore{07050E36-C211-4072-B915-2324B803CCFD}\RP211;Container contains infected objects;Moved.;
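    The DrWeb.csv report above is a plain semicolon-separated list, one detection per line, laid out as object;location;verdict;action; where the action column is empty unless Dr.Web moved the file. As an added example, not part of this thread and not Dr.Web's own code, here is a small Python parser that turns such a report into records and then summarizes what was actually moved, how many hits sit inside System Restore points, and which top-level detections received no action at all. The sample report is constructed from a few of the lines posted above; the field names, the "nested member" heuristic and the list of container verdicts are my assumptions about the layout, not Dr.Web documentation.

```python
from collections import Counter

# Constructed sample in the DrWeb.csv layout (object;location;verdict;action;),
# built from a few of the entries posted in the thread.
SAMPLE_REPORT = r"""
ComboFix.exe\32788R22FWJFW\Create.cmd;C:\Documents and Settings\Owner\Desktop\ComboFix.exe;Probably BATCH.Virus;;
ComboFix.exe;C:\Documents and Settings\Owner\Desktop;Archive contains infected objects;;
Fixwareout.exe/data002\{app}\FindT\nircmd.exe;C:\My Downloads\Fixwareout.exe/data002;Tool.NirCmd.1;;
data002;C:\My Downloads;Container contains infected objects;;
Fixwareout.exe;C:\My Downloads;Container contains infected objects;Moved.;
A0033515.cmd;C:\System Volume Information\_restore{07050E36-C211-4072-B915-2324B803CCFD}\RP198;Probably BATCH.Virus;;
"""

# Assumed: verdicts Dr.Web uses for a container whose nested members were
# flagged. The container, not the member, is what gets moved.
CONTAINER_VERDICTS = ("Archive contains infected objects",
                      "Container contains infected objects")


def parse_drweb_report(text):
    """Return one dict per report line: object, location, verdict and derived flags."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line == "DrWeb":          # skip blanks and the pasted header
            continue
        fields = line.split(";")
        if len(fields) < 4:
            raise ValueError(f"line {lineno}: expected object;location;verdict;action")
        obj, location, verdict, action = fields[:4]
        records.append({
            "object": obj,
            "location": location,
            "verdict": verdict,
            "action": action or None,                    # '' means nothing was done
            "nested": ("\\" in obj) or ("/" in obj),     # member inside an archive/installer
            "container": verdict in CONTAINER_VERDICTS,
            "in_restore_point": "system volume information" in location.lower(),
        })
    return records


def summarize(records):
    """Aggregate the points an analyst wants at a glance from the report."""
    return {
        "total": len(records),
        "by_verdict": dict(Counter(r["verdict"] for r in records)),
        "moved": sorted(r["object"] for r in records if r["action"] == "Moved."),
        "in_restore_points": sum(r["in_restore_point"] for r in records),
        # Top-level detections (not a nested member, not a container roll-up)
        # that Dr.Web reported but did not move: these still need a decision.
        "unactioned": sorted(
            (r["object"], r["location"]) for r in records
            if r["action"] is None and not r["nested"] and not r["container"]),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(parse_drweb_report(SAMPLE_REPORT)), indent=2))
```

    Nested members (the object field contains a path inside an archive) never carry an action of their own, so counting only "Moved." lines understates what was cleaned; the summary therefore reports the container that was moved and lists separately the top-level files that were left in place. Hits under System Volume Information are reported as their own count because they live in restore points and are dealt with by clearing those, not by deleting files one by one.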
     
  20. 2010/10/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Which browser is getting redirected?

    Let's try to reset router....

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing into the hole with a pencil or a paperclip until all lights briefly go off and on.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE
     
  21. 2010/10/21
    elfagobarcus

    elfagobarcus Inactive Thread Starter

    Joined:
    2010/10/15
    Messages:
    35
    Likes Received:
    0
    I use IE8 with Yahoo search. I changed from Google after I got the TDSSKiller problem. I don't see any difference in the redirect-jump problem with either search engine. It is strange that the website that comes up the most often is the "Google Analytical".

    I accomplished all the resets on the computer, but I can't find the pinhole. I have a Netgear WGR614-9 unit that is provided by the wireless DSL provider. I can access the unit through the computer. Can I do the reset there?

    At this point I still get redirected.
     