TechSpot

Different browser issue - redirect fixed, but....

By jmtbkr
Jul 6, 2011
  1. Hi all!

    I recently went through the Google redirect hijacking mess. Ran Malwarebytes and HijackThis and it seems to have gone away.

    I use IE8. Google home page.

    Some web sites load up completely, with me logged on. Some don't. Some sites log on, but no images at all - just white box/red X.
    Others I have to constantly log on, then log on again after I post something. But the images are there.

    Never had this until I got browser-jacked a few weeks ago.

    Can anybody please help?

    thanks!
    jeff
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! Let's address this:
    Symptoms will sometimes resolve and people will "assume" the malware is gone. This is rarely the case. I do see we didn't help you here. The best thing to do is check the system, properly, for malware and remove it. It's very possible that Mbam and HJT did not remove all of the entries, or, if the problem was caused by a rootkit, specific scanning programs have to be used>>> best with supervision.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    =====================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
     
  3. jmtbkr

    jmtbkr TS Rookie Topic Starter

    thanks for the offer to help.
    I will be out of town for a few days and will do all you ask when I return on Monday.
    jeff
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thank you for letting me know.

    I'll keep the thread open until then.
     
  5. jmtbkr

    jmtbkr TS Rookie Topic Starter

    I started the procedure

    www.malwarebytes.org

    Database version: 6705

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/11/2011 4:57:05 PM
    mbam-log-2011-07-11 (16-57-05).txt

    Scan type: Quick scan
    Objects scanned: 145792
    Time elapsed: 12 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  6. jmtbkr

    jmtbkr TS Rookie Topic Starter

    gmer.log

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-07-11 17:10:24
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDP725025GLA380 rev.GM2OA5BA
    Running: gmer.exe; Driver: C:\DOCUME~1\jeff\LOCALS~1\Temp\uftdypog.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs KmxFile.sys (HIPS File Guard driver/CA)
    AttachedDevice \FileSystem\Ntfs \Ntfs VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)
    AttachedDevice \FileSystem\Ntfs \Ntfs kmxagent.sys (HIPS Agent Driver/CA)
    AttachedDevice \FileSystem\Ntfs \Ntfs VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

    Device \Driver\Tcpip \Device\Ip kmxfw.sys (HIPS Firewall Driver/CA)
    Device \Driver\Tcpip \Device\Tcp kmxfw.sys (HIPS Firewall Driver/CA)
    Device \Driver\Tcpip \Device\Udp kmxfw.sys (HIPS Firewall Driver/CA)
    Device \Driver\Tcpip \Device\RawIp kmxfw.sys (HIPS Firewall Driver/CA)

    ---- EOF - GMER 1.0.15 ----
     
  7. jmtbkr

    jmtbkr TS Rookie Topic Starter

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by jeff at 17:12:49 on 2011-07-11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1373 [GMT -4:00]
    .
    AV: CA Anti-Virus *Enabled/Updated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
    FW: CA Personal Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig?hl=en
    uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080426
    mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
    TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [PopUpStopperFreeEdition] "c:\progra~1\panicw~1\pop-up~1\PSFree.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
    mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
    mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
    mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
    mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: c:\windows\system32\VetRedir.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
    TCP: Interfaces\{CC1A1A18-22CC-485A-BCC6-F68B0057A66A} : DhcpNameServer = 167.206.254.2 167.206.254.1
    Notify: PFW - UmxWnp.Dll
    SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-3-19 93712]
    R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-3-21 63504]
    R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-3-21 45584]
    R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-3-19 115216]
    R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-10-23 26352]
    R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-10-23 21104]
    R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-10-23 746216]
    R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-10-23 21488]
    R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-10-23 161008]
    R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-10-23 144696]
    R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-4 134648]
    R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-3-21 66576]
    R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
    R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
    R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-4-15 281104]
    R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-10-23 255312]
    R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-5-30 88816]
    R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2009-10-23 185680]
    R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-10-23 130280]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-26 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-26 136176]
    .
    =============== Created Last 30 ================
    .
    2011-07-11 20:42:05 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-11 20:41:57 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-30 16:28:02 -------- d-----w- c:\program files\Trend Micro
    2011-06-29 21:18:10 -------- d-----w- c:\program files\SpyZooka
    2011-06-27 16:39:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-23 23:27:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-23 23:24:11 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-06-23 23:24:10 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-06-20 00:13:03 -------- d-----w- c:\documents and settings\jeff\application data\Malwarebytes
    2011-06-20 00:12:54 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-06-15 10:24:21 105472 ------w- c:\windows\system32\dllcache\mup.sys
    2011-06-12 22:46:01 -------- d-----w- c:\documents and settings\jeff\local settings\application data\Mozilla
    .
    ==================== Find3M ====================
    .
    2011-06-28 23:18:29 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2011-06-09 20:29:14 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    .
    ============= FINISH: 17:13:51.60 ===============
     
  8. jmtbkr

    jmtbkr TS Rookie Topic Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/30/2008 5:00:07 PM
    System Uptime: 7/8/2011 2:58:09 PM (75 hours ago)
    .
    Motherboard: Dell Inc. | | 0RY007
    Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz | Socket 775 | 1795/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 229 GiB total, 192.292 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1102: 4/13/2011 3:21:16 AM - System Checkpoint
    RP1103: 4/14/2011 3:31:00 AM - System Checkpoint
    RP1104: 4/14/2011 12:40:51 PM - Software Distribution Service 3.0
    RP1105: 4/15/2011 12:56:41 PM - System Checkpoint
    RP1106: 4/16/2011 2:08:11 PM - System Checkpoint
    RP1107: 4/17/2011 6:26:21 PM - System Checkpoint
    RP1108: 4/18/2011 6:48:16 PM - System Checkpoint
    RP1109: 4/19/2011 9:35:45 PM - System Checkpoint
    RP1110: 4/20/2011 9:49:16 PM - System Checkpoint
    RP1111: 4/21/2011 8:24:45 PM - Unsigned driver install
    RP1112: 4/22/2011 8:44:13 PM - System Checkpoint
    RP1113: 4/23/2011 9:49:15 PM - System Checkpoint
    RP1114: 4/24/2011 10:37:14 PM - System Checkpoint
    RP1115: 4/25/2011 10:49:16 PM - System Checkpoint
    RP1116: 4/26/2011 11:37:16 PM - System Checkpoint
    RP1117: 4/27/2011 11:49:17 PM - System Checkpoint
    RP1118: 4/29/2011 12:49:17 AM - System Checkpoint
    RP1119: 4/30/2011 1:37:16 AM - System Checkpoint
    RP1120: 4/30/2011 8:48:51 AM - Software Distribution Service 3.0
    RP1121: 5/1/2011 9:13:03 AM - System Checkpoint
    RP1122: 5/2/2011 10:07:25 AM - System Checkpoint
    RP1123: 5/3/2011 10:07:35 AM - System Checkpoint
    RP1124: 5/4/2011 10:55:34 AM - System Checkpoint
    RP1125: 5/5/2011 11:55:34 AM - System Checkpoint
    RP1126: 5/6/2011 1:11:36 PM - System Checkpoint
    RP1127: 5/7/2011 1:25:14 PM - System Checkpoint
    RP1128: 5/8/2011 2:04:10 PM - System Checkpoint
    RP1129: 5/9/2011 3:03:57 PM - System Checkpoint
    RP1130: 5/10/2011 3:52:08 PM - System Checkpoint
    RP1131: 5/11/2011 4:00:06 PM - System Checkpoint
    RP1132: 5/11/2011 4:55:28 PM - Software Distribution Service 3.0
    RP1133: 5/12/2011 9:18:32 PM - System Checkpoint
    RP1134: 5/13/2011 10:15:10 PM - System Checkpoint
    RP1135: 5/14/2011 10:57:45 PM - System Checkpoint
    RP1136: 5/15/2011 11:04:08 PM - System Checkpoint
    RP1137: 5/17/2011 12:04:20 AM - System Checkpoint
    RP1138: 5/18/2011 12:04:27 AM - System Checkpoint
    RP1139: 5/23/2011 2:27:34 AM - System Checkpoint
    RP1140: 5/24/2011 3:05:28 AM - System Checkpoint
    RP1141: 5/25/2011 3:17:29 AM - System Checkpoint
    RP1142: 5/26/2011 4:05:28 AM - System Checkpoint
    RP1143: 5/27/2011 4:17:29 AM - System Checkpoint
    RP1144: 5/28/2011 5:05:28 AM - System Checkpoint
    RP1145: 5/29/2011 5:09:07 AM - System Checkpoint
    RP1146: 5/30/2011 6:17:29 AM - System Checkpoint
    RP1147: 5/31/2011 7:17:46 AM - System Checkpoint
    RP1148: 6/1/2011 8:05:49 AM - System Checkpoint
    RP1149: 6/2/2011 8:17:49 AM - System Checkpoint
    RP1150: 6/3/2011 9:17:50 AM - System Checkpoint
    RP1151: 6/4/2011 10:16:02 AM - System Checkpoint
    RP1152: 6/5/2011 11:05:49 AM - System Checkpoint
    RP1153: 6/6/2011 12:05:49 PM - System Checkpoint
    RP1154: 6/7/2011 12:17:50 PM - System Checkpoint
    RP1155: 6/8/2011 1:02:40 PM - System Checkpoint
    RP1156: 6/9/2011 2:02:28 PM - System Checkpoint
    RP1157: 6/9/2011 4:26:30 PM - Installed Ad-Aware
    RP1158: 6/9/2011 4:26:41 PM - Installed Ad-Aware
    RP1159: 6/10/2011 6:46:44 PM - System Checkpoint
    RP1160: 6/11/2011 7:12:43 PM - System Checkpoint
    RP1161: 6/12/2011 8:17:26 PM - System Checkpoint
    RP1162: 6/13/2011 9:13:17 PM - System Checkpoint
    RP1163: 6/14/2011 6:17:46 PM - Removed Ad-Aware
    RP1164: 6/15/2011 6:24:55 AM - Software Distribution Service 3.0
    RP1165: 6/16/2011 6:48:12 AM - System Checkpoint
    RP1166: 6/17/2011 6:52:29 AM - System Checkpoint
    RP1167: 6/17/2011 12:33:19 PM - Restore Operation
    RP1168: 6/18/2011 1:10:04 PM - System Checkpoint
    RP1169: 6/19/2011 4:06:26 PM - System Checkpoint
    RP1170: 6/20/2011 6:51:17 PM - System Checkpoint
    RP1171: 6/21/2011 8:24:14 PM - Software Distribution Service 3.0
    RP1172: 6/22/2011 8:34:59 PM - System Checkpoint
    RP1173: 6/23/2011 7:23:29 PM - Restore Operation
    RP1174: 6/24/2011 7:29:17 PM - System Checkpoint
    RP1175: 6/25/2011 8:29:17 PM - System Checkpoint
    RP1176: 6/26/2011 9:13:14 PM - System Checkpoint
    RP1177: 6/27/2011 9:32:50 PM - System Checkpoint
    RP1178: 6/28/2011 7:14:10 PM - Removed WebEx Support Manager for Internet Explorer
    RP1179: 6/28/2011 8:51:37 PM - Software Distribution Service 3.0
    RP1180: 6/29/2011 9:57:37 PM - System Checkpoint
    RP1181: 6/30/2011 12:28:01 PM - Installed HiJackThis
    RP1182: 7/1/2011 1:15:19 PM - System Checkpoint
    RP1183: 7/2/2011 2:00:29 PM - System Checkpoint
    RP1184: 7/3/2011 3:56:26 PM - System Checkpoint
    RP1185: 7/4/2011 4:03:31 PM - System Checkpoint
    RP1186: 7/5/2011 5:03:31 PM - System Checkpoint
    RP1187: 7/6/2011 6:33:24 PM - System Checkpoint
    RP1188: 7/7/2011 4:13:04 PM - Software Distribution Service 3.0
    RP1189: 7/7/2011 4:41:49 PM - Removed HiJackThis
    RP1190: 7/7/2011 4:42:58 PM - Removed Google Earth.
    RP1191: 7/8/2011 5:04:23 PM - System Checkpoint
    RP1192: 7/9/2011 5:18:56 PM - System Checkpoint
    RP1193: 7/10/2011 6:18:54 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.1.0)
    ApluteoaMsr
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    ATI Catalyst Registration
    ATI Display Driver
    CA Anti-Spyware
    CA Anti-Virus
    CA Internet Security Suite
    CA Personal Firewall
    CA Pest Patrol Realtime Protection
    CA Website Inspector
    Canon Camera WIA Driver
    Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    ccc-core-static
    ccc-utility
    CCC Help English
    Dell System Restore
    Games, Music, & Photos Launcher
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToAssist 8.0.0.514
    High Definition Audio Driver Package - KB835221
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) PRO Network Connections Drivers
    Internet Service Offers Launcher
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 19
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Pop-Up Stopper Free Edition
    PowerDVD
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    SearchAssist
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SkyCaddie Desktop
    Steam
    Supreme Commander 2
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Winamp
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/7/2011 4:41:52 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    7/7/2011 12:36:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
    7/7/2011 12:36:38 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/6/2011 7:38:28 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    7/6/2011 7:38:28 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    .
    ==== End Of File ===========================
     
  9. jmtbkr

    jmtbkr TS Rookie Topic Starter

    WOW!!!

    hope you can help!
    thanks!!!
    jeff
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Jeff, it is possible the problem isn't malware related, but I'd like to run the following scans to see if either picks anything up:
    =======================================================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message confirming the installation.
    • Click on Yes to continue scanning for malware.
    • If ComboFix asks you to update the program, allow it.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated and opened in a text window. Please paste the contents of C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    =======================================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click the link to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the installer on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

    We will rule malware in or out and go from there.
     
  11. jmtbkr

    jmtbkr TS Rookie Topic Starter

    ComboFix is telling me to un-install my antivirus program, because it can't run. I am using the supplied Computer Associates stuff from Optimum Online.
    Shall I follow that instruction?
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry for the delay- I've been swamped!

    Yes, you can use this. I think the CA program is the only other AV that ComboFix won't run with:

    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A selection screen will appear:
    5. Click on Next after choice has been made
    6. Check the program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    After you've done this, pick up the directions for Combofix in my Reply #10.
    Then follow with the Eset scan.
     
  13. jmtbkr

    jmtbkr TS Rookie Topic Starter

    ComboFix 11-07-15.03 - jeff 07/16/2011 9:35.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1476 [GMT -4:00]
    Running from: c:\documents and settings\jeff\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\jeff\Application Data\.#
    c:\documents and settings\jeff\Application Data\.#\MBX@8F8@383470.###
    c:\documents and settings\jeff\Application Data\.#\MBX@8F8@383480.###
    c:\documents and settings\jeff\Application Data\.#\MBX@8F8@383490.###
    c:\documents and settings\jeff\Application Data\.#\MBX@8F8@3834A0.###
    c:\documents and settings\jeff\Application Data\.#\MBX@CEC@383470.###
    c:\documents and settings\jeff\Application Data\.#\MBX@CEC@383480.###
    c:\documents and settings\jeff\Application Data\.#\MBX@CEC@383490.###
    c:\documents and settings\jeff\Application Data\.#\MBX@CEC@3834A0.###
    c:\documents and settings\jeff\WINDOWS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-16 to 2011-07-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-11 21:07 . 2011-07-11 21:07 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-07-11 20:42 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-11 20:41 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-07 20:38 . 2011-07-07 20:38 -------- d-----w- c:\program files\Common Files\Adobe
    2011-06-30 16:28 . 2011-06-30 16:28 -------- d-----w- c:\program files\Trend Micro
    2011-06-29 21:18 . 2011-06-29 21:22 -------- d-----w- c:\program files\SpyZooka
    2011-06-27 16:39 . 2011-07-11 20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-23 23:27 . 2011-06-23 23:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-23 23:24 . 2011-06-23 23:24 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-06-20 00:13 . 2011-06-20 00:13 -------- d-----w- c:\documents and settings\jeff\Application Data\Malwarebytes
    2011-06-20 00:12 . 2011-06-20 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-28 23:18 . 2004-08-10 16:51 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2011-06-09 20:29 . 2011-06-09 20:29 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-06-02 14:02 . 2004-08-10 16:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-05-02 15:31 . 2004-08-10 17:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25 . 2004-08-10 16:51 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19 . 2004-08-10 16:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-26 11:07 . 2004-08-10 16:51 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-04-26 11:07 . 2004-08-10 16:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-04-25 16:11 . 2004-08-10 16:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11 . 2004-08-10 16:51 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11 . 2004-08-10 16:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01 . 2004-08-10 16:51 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37 . 2004-08-10 16:51 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]
    "Steam"="c:\program files\Steam\Steam.exe" [2011-04-01 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-28 16862720]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-06-06 16:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
    2010-05-04 20:05 311296 ----a-r- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2007-09-17 15:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2011-01-26 21:30 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2011-04-01 20:45 1242448 ----a-w- c:\program files\Steam\steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2008-04-01 18:49 36352 ----a-w- c:\program files\Winamp\winampa.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\supreme commander 2\\bin\\SupremeCommander2.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:peer Name Resolution Protocol (PNRP)
    "67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2010 5:11 PM 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2010 5:11 PM 136176]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-26 21:10]
    .
    2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-26 21:10]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig?hl=en
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080426
    TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    Notify-PFW - (no file)
    SafeBoot-89792245.sys
    MSConfigStartUp-ATICCC - c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
    MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
    MSConfigStartUp-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
    AddRemove-InstallShield_{E1CDCB03-A90F-4A74-BE8C-CD3AF43190CA} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-16 09:40
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-07-16 09:42:52
    ComboFix-quarantined-files.txt 2011-07-16 13:42
    .
    Pre-Run: 211,073,392,640 bytes free
    Post-Run: 211,313,643,520 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 6D061E3A20239C17E838C85BC9246136
    ____________________________________________________________________________
    ESET scan:

    C:\Documents and Settings\jeff\Application Data\Sun\Java\Deployment\cache\6.0\11\377af0b-392a2bfa multiple threats
    C:\Documents and Settings\jeff\Application Data\Sun\Java\Deployment\cache\6.0\55\24b191f7-4e827f41 multiple threats
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1158\A0061302.dll Win32/TrojanDownloader.VB.OIC trojan
     
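    The ComboFix log above is read by hand in this thread. As an added example (not part of the original thread, and not ComboFix's or ESET's own code), the following Python script parses the sections of a ComboFix-style log that a helper checks first: the Run keys, the Security Center override values, the globally open firewall ports and the orphan list. The heuristics it applies (an autostart with no directory in its path, an autostart launched from a temp or profile directory, an override value set to a non-zero dword, an orphan marked "(no file)") are the example's own assumptions. The sample log is a constructed excerpt modelled on the posted log; the "Updater" line in it is invented to exercise the profile-path check and is not from the poster's machine.

```python
"""Triage a ComboFix-style log (added example; not the thread's or ComboFix's code).

Parses the sections a helper reads first and turns them into findings:
  * Run keys: autostarts with no directory (resolved via the search path) or
    launched from a temp/profile directory
  * Security Center: *Override values set non-zero (Windows told to stop warning)
  * Firewall: ports opened globally
  * Orphans: autostart references whose file is gone ("(no file)")
Section headers and value syntax follow ComboFix's log layout; the heuristics
are this example's assumptions.
"""
import re

# Constructed excerpt modelled on the log posted above. The "Updater" line is
# invented to exercise the profile-path check and is NOT from the poster's log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]
"Steam"="c:\program files\Steam\Steam.exe" [2011-04-01 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-28 16862720]
"Updater"="c:\documents and settings\jeff\Local Settings\Temp\upd.exe" [2011-07-01 12345]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-ATICCC - c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
"""

# "Name"="value" [date size]   or   "Name"=dword:xxxxxxxx   or   "port"= description
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"?(?P<value>.*?)"?(?:\s+\[[^\]]*\])?$')

# Directories legitimate software on XP almost never autostarts from (assumption).
SUSPICIOUS_DIR_MARKERS = ("\\local settings\\temp\\", "\\windows\\temp\\", "\\application data\\")


def parse_sections(text):
    """Split the log into {registry header: [value lines]} plus the orphan list."""
    sections, orphans = {}, []
    current, in_orphans = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("- - - - ORPHANS REMOVED"):
            current, in_orphans = None, True
            continue
        if line.startswith("*"):          # the catchme banner ends the orphan list
            in_orphans = False
            continue
        if line.startswith("[") and line.endswith("]"):
            current, in_orphans = line, False
            sections[current] = []
            continue
        if in_orphans:
            orphans.append(line)
        elif current is not None:
            sections[current].append(line)
    return sections, orphans


def triage(text):
    """Return (kind, where, detail) findings in log order."""
    sections, orphans = parse_sections(text)
    findings = []
    for header, lines in sections.items():
        key = header.lower()
        values = [m for m in map(VALUE_RE.match, lines) if m]
        if key.endswith("\\currentversion\\run]"):
            for m in values:
                name, target = m.group("name"), m.group("value")
                if "\\" not in target:
                    # No directory: whichever file the search path finds first runs.
                    findings.append(("run-unqualified", header, f"{name} -> {target}"))
                elif any(marker in target.lower() for marker in SUSPICIOUS_DIR_MARKERS):
                    findings.append(("run-profile-path", header, f"{name} -> {target}"))
        elif key.endswith("\\security center]"):
            for m in values:
                name, val = m.group("name"), m.group("value").lower()
                if name.lower().endswith("override") and val.startswith("dword:") and int(val[6:], 16) != 0:
                    findings.append(("security-center-override", header, name))
        elif "globallyopenports" in key:
            for m in values:
                findings.append(("open-port", header, m.group("value")))
    for entry in orphans:
        if entry.endswith("(no file)"):
            findings.append(("orphan-no-file", "ORPHANS REMOVED", entry))
    return findings


if __name__ == "__main__":
    for kind, where, detail in triage(SAMPLE_LOG):
        print(f"{kind:26} {detail}    [{where}]")
```

    Run against a real log with `triage(open(r"C:\ComboFix.txt").read())`. On the posted log this flags the AntiVirusOverride value, the two "(no file)" orphans, the bare `RTHDCPL.EXE` autostart and the three globally open ports; none of these is proof of infection on its own, which is why the script reports rather than decides.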
  14. jmtbkr

    jmtbkr TS Rookie Topic Starter

    Now that I have deleted my Computer Associates protection (spyware, antivirus, firewall, etc.) do you recommend I reinstall the same package - free from my provider - or use another protection program for the future?

    So far my browser has returned to its former, normal self. Yea!!!
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The security choice is yours. If it is being provided free by the ISP, you may want to keep it. But my personal choice is stand-alone programs rather than a suite. Some basics for you:

    Tips for added security and safer browsing: (Links are in Bold Blue)
    1. Browser Security
      [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
      [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
      [o] Replace the Hosts File
      [o] Google Toolbar Pop Up Blocker
      [o] Web of Trust (WOT) Site Advisor. Traffic-light rating symbols rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
    2. Have layered Security:
      [o] Antivirus (only one): Both of the following programs are free and known to be good:
      [o] Avira-AntiVir-Personal-Free-Antivirus
      [o] Avast-Free Antivirus
      [o] Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
      [o] Comodo
      [o] Zone Alarm
    3. Antimalware: I recommend all of the following:
      [o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
      [o]Spybot Search & Destroy
    4. Updates: Stay current:
      [o] Visit the Microsoft Download Site frequently. Install all updates marked Critical and the current SP updates.
      [o] Adobe Reader: Install current, uninstall old.
      [o] Java Updates: Install current, uninstall old.
    5. Tracking Cookies
      Reset Cookie:
      [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
      [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    6. Do regular Maintenance
      Clean the temporary internet files often:
      [o] ATF Cleaner by Atribune
    7. Restore Points:
      [o]See System Restore Guide
    8. Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save them to your desktop and scan for viruses using a right click.
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Please let me know if you find any bad link.
     
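    Bobbye's tips above include replacing the hosts file, and the thread started with a search-engine redirect. As an added example (not part of the thread and not from any tool named in it), the following Python script reads a hosts file in the Windows layout and reports every entry that points a name anywhere other than a loopback or 0.0.0.0 sinkhole, marking as HIGH any name on a watch-list of search and security domains. The watch-list, the default path and the sample hosts file are this example's assumptions; the two 203.0.113.45 lines in the sample model a hijack and are not taken from the poster's machine.

```python
"""Audit a Windows hosts file for redirect entries (added example; not from the thread).

A hosts-file hijack maps search engines or security vendors to an address the
attacker controls. It survives browser resets, so it is worth inspecting before
the file is replaced. Entries that point at loopback or 0.0.0.0 are the normal
ad-blocklist pattern and are ignored; anything else is reported.
"""
import ipaddress

# Constructed sample. The two 203.0.113.45 lines model a hijack and are NOT
# from the poster's machine; 203.0.113.0/24 is a documentation-only range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net        # blocklist-style entry, harmless
0.0.0.0         tracker.example.org
203.0.113.45    www.google.com google.com
203.0.113.45    www.malwarebytes.org
"""

# Names whose redirection is a strong hijack signal (this example's assumption).
WATCH_DOMAINS = ("google.com", "bing.com", "yahoo.com", "microsoft.com",
                 "windowsupdate.com", "malwarebytes.org", "eset.com")

# Location on Windows XP (assumption; %SystemRoot% may differ).
DEFAULT_HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"


def parse_hosts(text):
    """Yield (ip_address, hostname) for each mapping, skipping comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                      # malformed line; not a mapping
        for host in parts[1:]:
            yield ip, host.lower().rstrip(".")


def is_sinkhole(ip):
    """Loopback or the unspecified address: the normal blocklist targets."""
    return ip.is_loopback or ip.is_unspecified


def on_watchlist(host):
    return any(host == d or host.endswith("." + d) for d in WATCH_DOMAINS)


def audit_hosts(text):
    """Return (severity, hostname, ip) for every non-sinkhole mapping, in file order."""
    findings = []
    for ip, host in parse_hosts(text):
        if is_sinkhole(ip):
            continue
        severity = "HIGH" if on_watchlist(host) else "REVIEW"
        findings.append((severity, host, str(ip)))
    return findings


def group_by_target(findings):
    """Many unrelated names on one non-local address is itself a hijack pattern."""
    grouped = {}
    for _, host, ip in findings:
        grouped.setdefault(ip, []).append(host)
    return grouped


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8", errors="replace").read() if path else SAMPLE_HOSTS
    findings = audit_hosts(text)
    for severity, host, ip in findings:
        print(f"{severity:6} {host:30} -> {ip}")
    for ip, hosts in group_by_target(findings).items():
        if len(hosts) > 1:
            print(f"{len(hosts)} names share {ip}: {', '.join(hosts)}")
```

    Run it as `python audit_hosts.py C:\WINDOWS\system32\drivers\etc\hosts` to check the live file. A clean XP hosts file produces no output at all; legitimate non-loopback entries (an intranet server, say) show up as REVIEW and can be confirmed by hand, while several unrelated names sharing one outside address is the signature of a redirect hijack.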
Topic Status:
Not open for further replies.
