Inactive Different browser issue - redirect fixed, but....

[jmtbkr]

Hi all!

I recently went thru the Google re-direct hijacking mess. Ran Maleware and Hijackthis and it seems to have gone away.

I use IE8. Google home page.

Some web sites load up completely,with me logged on. Some don't. Some sites log on, but no images at all - just white box/red X.
Others I have to constantly log on, then log on again after I post something. But the images are there.

Never had this until I got browser-jacked a few weeks ago.

Can anybody please help?

thanks!
jeff

 

[Bobbye]

Welcome to TechSpot! Let's address this:

I recently went thru the Google re-direct hijacking mess. Ran Maleware and Hijackthis and it seems to have gone away.

Symptoms will sometimes resolve and people will "assume" the malware is gone. This is rarely the case. I do see we didn't help you here. The best thing to do is check the system-properly- for malware and remove it. It's very possible that Mbam and HJT did not remove all of the entries- or-if the problem was caused by a rootkit, specific scanning programs have to be used>>> best with supervision.

If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
=====================================
My Guidelines: please read and follow:

• Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
• Read my instructions carefully. If you don't understand or have a problem, ask me.
• If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
• Follow the order of the tasks I give you. Order is crucial in cleaning process.
• File sharing programs should be uninstalled or disabled during the cleaning process..
• Observe these:
  [o] Don't use any other cleaning programs or scans while I'm helping you.
  [o] Don't use a Registry cleaner or make any changes in the Registry.
  [o] Don't download and install new programs- except those I give you.
• Please let me know if there is any change in the system.

If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================

 

[jmtbkr]

thanks for the offer to help.
I will be out of town for a few days and will do all you ask when I return on Monday.
jeff

 

[Bobbye]

Thank you for letting me know.

I'll keep the thread open until then.

 

[jmtbkr]

I started the proceedure

www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/11/2011 4:57:05 PM
mbam-log-2011-07-11 (16-57-05).txt

Scan type: Quick scan
Objects scanned: 145792
Time elapsed: 12 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[jmtbkr]

gmer.log

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-07-11 17:10:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDP725025GLA380 rev.GM2OA5BA
Running: gmer.exe; Driver: C:\DOCUME~1\jeff\LOCALS~1\Temp\uftdypog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs KmxFile.sys (HIPS File Guard driver/CA)
AttachedDevice \FileSystem\Ntfs \Ntfs VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs kmxagent.sys (HIPS Agent Driver/CA)
AttachedDevice \FileSystem\Ntfs \Ntfs VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

Device \Driver\Tcpip \Device\Ip kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\Tcp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\Udp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\RawIp kmxfw.sys (HIPS Firewall Driver/CA)

---- EOF - GMER 1.0.15 ----

 

[jmtbkr]

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by jeff at 17:12:49 on 2011-07-11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1373 [GMT -4:00]
.
AV: CA Anti-Virus *Enabled/Updated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?hl=en
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080426
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [PopUpStopperFreeEdition] "c:\progra~1\panicw~1\pop-up~1\PSFree.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\VetRedir.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{CC1A1A18-22CC-485A-BCC6-F68B0057A66A} : DhcpNameServer = 167.206.254.2 167.206.254.1
Notify: PFW - UmxWnp.Dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-3-19 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-3-21 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-3-21 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-3-19 115216]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-10-23 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-10-23 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-10-23 746216]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-10-23 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-10-23 161008]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-10-23 144696]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-4 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-3-21 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-4-15 281104]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-10-23 255312]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-5-30 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2009-10-23 185680]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-10-23 130280]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-26 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-26 136176]
.
=============== Created Last 30 ================
.
2011-07-11 20:42:05 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-11 20:41:57 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 16:28:02 -------- d-----w- c:\program files\Trend Micro
2011-06-29 21:18:10 -------- d-----w- c:\program files\SpyZooka
2011-06-27 16:39:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-23 23:27:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-23 23:24:11 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-23 23:24:10 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-20 00:13:03 -------- d-----w- c:\documents and settings\jeff\application data\Malwarebytes
2011-06-20 00:12:54 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-15 10:24:21 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-12 22:46:01 -------- d-----w- c:\documents and settings\jeff\local settings\application data\Mozilla
.
==================== Find3M ====================
.
2011-06-28 23:18:29 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-06-09 20:29:14 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 17:13:51.60 ===============

 

[jmtbkr]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/30/2008 5:00:07 PM
System Uptime: 7/8/2011 2:58:09 PM (75 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz | Socket 775 | 1795/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 229 GiB total, 192.292 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1102: 4/13/2011 3:21:16 AM - System Checkpoint
RP1103: 4/14/2011 3:31:00 AM - System Checkpoint
RP1104: 4/14/2011 12:40:51 PM - Software Distribution Service 3.0
RP1105: 4/15/2011 12:56:41 PM - System Checkpoint
RP1106: 4/16/2011 2:08:11 PM - System Checkpoint
RP1107: 4/17/2011 6:26:21 PM - System Checkpoint
RP1108: 4/18/2011 6:48:16 PM - System Checkpoint
RP1109: 4/19/2011 9:35:45 PM - System Checkpoint
RP1110: 4/20/2011 9:49:16 PM - System Checkpoint
RP1111: 4/21/2011 8:24:45 PM - Unsigned driver install
RP1112: 4/22/2011 8:44:13 PM - System Checkpoint
RP1113: 4/23/2011 9:49:15 PM - System Checkpoint
RP1114: 4/24/2011 10:37:14 PM - System Checkpoint
RP1115: 4/25/2011 10:49:16 PM - System Checkpoint
RP1116: 4/26/2011 11:37:16 PM - System Checkpoint
RP1117: 4/27/2011 11:49:17 PM - System Checkpoint
RP1118: 4/29/2011 12:49:17 AM - System Checkpoint
RP1119: 4/30/2011 1:37:16 AM - System Checkpoint
RP1120: 4/30/2011 8:48:51 AM - Software Distribution Service 3.0
RP1121: 5/1/2011 9:13:03 AM - System Checkpoint
RP1122: 5/2/2011 10:07:25 AM - System Checkpoint
RP1123: 5/3/2011 10:07:35 AM - System Checkpoint
RP1124: 5/4/2011 10:55:34 AM - System Checkpoint
RP1125: 5/5/2011 11:55:34 AM - System Checkpoint
RP1126: 5/6/2011 1:11:36 PM - System Checkpoint
RP1127: 5/7/2011 1:25:14 PM - System Checkpoint
RP1128: 5/8/2011 2:04:10 PM - System Checkpoint
RP1129: 5/9/2011 3:03:57 PM - System Checkpoint
RP1130: 5/10/2011 3:52:08 PM - System Checkpoint
RP1131: 5/11/2011 4:00:06 PM - System Checkpoint
RP1132: 5/11/2011 4:55:28 PM - Software Distribution Service 3.0
RP1133: 5/12/2011 9:18:32 PM - System Checkpoint
RP1134: 5/13/2011 10:15:10 PM - System Checkpoint
RP1135: 5/14/2011 10:57:45 PM - System Checkpoint
RP1136: 5/15/2011 11:04:08 PM - System Checkpoint
RP1137: 5/17/2011 12:04:20 AM - System Checkpoint
RP1138: 5/18/2011 12:04:27 AM - System Checkpoint
RP1139: 5/23/2011 2:27:34 AM - System Checkpoint
RP1140: 5/24/2011 3:05:28 AM - System Checkpoint
RP1141: 5/25/2011 3:17:29 AM - System Checkpoint
RP1142: 5/26/2011 4:05:28 AM - System Checkpoint
RP1143: 5/27/2011 4:17:29 AM - System Checkpoint
RP1144: 5/28/2011 5:05:28 AM - System Checkpoint
RP1145: 5/29/2011 5:09:07 AM - System Checkpoint
RP1146: 5/30/2011 6:17:29 AM - System Checkpoint
RP1147: 5/31/2011 7:17:46 AM - System Checkpoint
RP1148: 6/1/2011 8:05:49 AM - System Checkpoint
RP1149: 6/2/2011 8:17:49 AM - System Checkpoint
RP1150: 6/3/2011 9:17:50 AM - System Checkpoint
RP1151: 6/4/2011 10:16:02 AM - System Checkpoint
RP1152: 6/5/2011 11:05:49 AM - System Checkpoint
RP1153: 6/6/2011 12:05:49 PM - System Checkpoint
RP1154: 6/7/2011 12:17:50 PM - System Checkpoint
RP1155: 6/8/2011 1:02:40 PM - System Checkpoint
RP1156: 6/9/2011 2:02:28 PM - System Checkpoint
RP1157: 6/9/2011 4:26:30 PM - Installed Ad-Aware
RP1158: 6/9/2011 4:26:41 PM - Installed Ad-Aware
RP1159: 6/10/2011 6:46:44 PM - System Checkpoint
RP1160: 6/11/2011 7:12:43 PM - System Checkpoint
RP1161: 6/12/2011 8:17:26 PM - System Checkpoint
RP1162: 6/13/2011 9:13:17 PM - System Checkpoint
RP1163: 6/14/2011 6:17:46 PM - Removed Ad-Aware
RP1164: 6/15/2011 6:24:55 AM - Software Distribution Service 3.0
RP1165: 6/16/2011 6:48:12 AM - System Checkpoint
RP1166: 6/17/2011 6:52:29 AM - System Checkpoint
RP1167: 6/17/2011 12:33:19 PM - Restore Operation
RP1168: 6/18/2011 1:10:04 PM - System Checkpoint
RP1169: 6/19/2011 4:06:26 PM - System Checkpoint
RP1170: 6/20/2011 6:51:17 PM - System Checkpoint
RP1171: 6/21/2011 8:24:14 PM - Software Distribution Service 3.0
RP1172: 6/22/2011 8:34:59 PM - System Checkpoint
RP1173: 6/23/2011 7:23:29 PM - Restore Operation
RP1174: 6/24/2011 7:29:17 PM - System Checkpoint
RP1175: 6/25/2011 8:29:17 PM - System Checkpoint
RP1176: 6/26/2011 9:13:14 PM - System Checkpoint
RP1177: 6/27/2011 9:32:50 PM - System Checkpoint
RP1178: 6/28/2011 7:14:10 PM - Removed WebEx Support Manager for Internet Explorer
RP1179: 6/28/2011 8:51:37 PM - Software Distribution Service 3.0
RP1180: 6/29/2011 9:57:37 PM - System Checkpoint
RP1181: 6/30/2011 12:28:01 PM - Installed HiJackThis
RP1182: 7/1/2011 1:15:19 PM - System Checkpoint
RP1183: 7/2/2011 2:00:29 PM - System Checkpoint
RP1184: 7/3/2011 3:56:26 PM - System Checkpoint
RP1185: 7/4/2011 4:03:31 PM - System Checkpoint
RP1186: 7/5/2011 5:03:31 PM - System Checkpoint
RP1187: 7/6/2011 6:33:24 PM - System Checkpoint
RP1188: 7/7/2011 4:13:04 PM - Software Distribution Service 3.0
RP1189: 7/7/2011 4:41:49 PM - Removed HiJackThis
RP1190: 7/7/2011 4:42:58 PM - Removed Google Earth.
RP1191: 7/8/2011 5:04:23 PM - System Checkpoint
RP1192: 7/9/2011 5:18:56 PM - System Checkpoint
RP1193: 7/10/2011 6:18:54 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0)
ApluteoaMsr
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI Display Driver
CA Anti-Spyware
CA Anti-Virus
CA Internet Security Suite
CA Personal Firewall
CA Pest Patrol Realtime Protection
CA Website Inspector
Canon Camera WIA Driver
Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
Dell System Restore
Games, Music, & Photos Launcher
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
High Definition Audio Driver Package - KB835221
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PRO Network Connections Drivers
Internet Service Offers Launcher
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 19
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Pop-Up Stopper Free Edition
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SearchAssist
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SkyCaddie Desktop
Steam
Supreme Commander 2
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Winamp
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
7/7/2011 4:41:52 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
7/7/2011 12:36:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
7/7/2011 12:36:38 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/6/2011 7:38:28 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
7/6/2011 7:38:28 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
.
==== End Of File ===========================

 

[jmtbkr]

WOW!!!

hope you can help!
thanks!!!
jeff

 

[Bobbye]

Jeff, it is possible the problem isn't malware related. but I'd like to run the following scans to see if either picks anything up:
=======================================================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

• Double click combofix.exe & follow the prompts.
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  
  
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• .Close any open browsers.
• .Double click combofix.exe
  
  & follow the prompts to run.
• When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
=======================================================

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESETOnlineScan
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  [o] Double click on the
  
  on your desktop.
• Check 'Yes I accept terms of use.'
• Click Start button
• Accept any security warnings from your browser.
  
  
• Uncheck 'Remove found threats'
• Check 'Scan archives/
• Leave remaining settings as is.
• Press the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
• When the scan completes, press List of found threats
• Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
• Push the Back button
• Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

We will rule malware in or out and go from there.

 

[jmtbkr]

Combo fix is telling me to un-install my anti virus program, because it can't run. I am using the supplied Computer Associates stuff from Optimum Online.
Shall I follow that instruction?

 

[Bobbye]

Sorry for the delay- I've been swamped!

Yes, you can use this- I think the CA program is the only other AV that Combofix won't run with:

Download AppRemover and save to the desktop

1. Double click the setup on the desktop> click Next
2. Select “Remove Security Application”
3. Let scan finish to determine security apps
4. A screen like below will appear:
   
   
5. Click on Next after choice has been made
6. Check the program you want to uninstall
7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=============================
After you've done this, pick up the directions for Combofix in my Reply #10.
Then follow with the Eset scan.

 

[jmtbkr]

ComboFix 11-07-15.03 - jeff 07/16/2011 9:35.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1476 [GMT -4:00]
Running from: c:\documents and settings\jeff\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\jeff\Application Data\.#
c:\documents and settings\jeff\Application Data\.#\MBX@8F8@383470.###
c:\documents and settings\jeff\Application Data\.#\MBX@8F8@383480.###
c:\documents and settings\jeff\Application Data\.#\MBX@8F8@383490.###
c:\documents and settings\jeff\Application Data\.#\MBX@8F8@3834A0.###
c:\documents and settings\jeff\Application Data\.#\MBX@CEC@383470.###
c:\documents and settings\jeff\Application Data\.#\MBX@CEC@383480.###
c:\documents and settings\jeff\Application Data\.#\MBX@CEC@383490.###
c:\documents and settings\jeff\Application Data\.#\MBX@CEC@3834A0.###
c:\documents and settings\jeff\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-06-16 to 2011-07-16 )))))))))))))))))))))))))))))))
.
.
2011-07-11 21:07 . 2011-07-11 21:07 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-07-11 20:42 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-11 20:41 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-07 20:38 . 2011-07-07 20:38 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-30 16:28 . 2011-06-30 16:28 -------- d-----w- c:\program files\Trend Micro
2011-06-29 21:18 . 2011-06-29 21:22 -------- d-----w- c:\program files\SpyZooka
2011-06-27 16:39 . 2011-07-11 20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-23 23:27 . 2011-06-23 23:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-23 23:24 . 2011-06-23 23:24 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-20 00:13 . 2011-06-20 00:13 -------- d-----w- c:\documents and settings\jeff\Application Data\Malwarebytes
2011-06-20 00:12 . 2011-06-20 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-28 23:18 . 2004-08-10 16:51 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-06-09 20:29 . 2011-06-09 20:29 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-02 14:02 . 2004-08-10 16:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31 . 2004-08-10 17:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-10 16:51 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-10 16:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-10 16:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2004-08-10 16:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:11 . 2004-08-10 16:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-10 16:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-10 16:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-10 16:51 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-10 16:51 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]
"Steam"="c:\program files\Steam\Steam.exe" [2011-04-01 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-28 16862720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 16:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-05-04 20:05 311296 ----a-r- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 15:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-01-26 21:30 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-04-01 20:45 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-04-01 18:49 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\supreme commander 2\\bin\\SupremeCommander2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDPeer Name Resolution Protocol (PNRP)
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:EnabledHCP Discovery Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2010 5:11 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2010 5:11 PM 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-26 21:10]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-26 21:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080426
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-PFW - (no file)
SafeBoot-89792245.sys
MSConfigStartUp-ATICCC - c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
AddRemove-InstallShield_{E1CDCB03-A90F-4A74-BE8C-CD3AF43190CA} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-16 09:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-07-16 09:42:52
ComboFix-quarantined-files.txt 2011-07-16 13:42
.
Pre-Run: 211,073,392,640 bytes free
Post-Run: 211,313,643,520 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 6D061E3A20239C17E838C85BC9246136
____________________________________________________________________________
ESET scan:

C:\Documents and Settings\jeff\Application Data\Sun\Java\Deployment\cache\6.0\11\377af0b-392a2bfa multiple threats
C:\Documents and Settings\jeff\Application Data\Sun\Java\Deployment\cache\6.0\55\24b191f7-4e827f41 multiple threats
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1158\A0061302.dll Win32/TrojanDownloader.VB.OIC trojan

 

[jmtbkr]

Now that I have deleted my Computer Associates protection (spyware, antivirus, firewall, etc.) do you reccomend I reinstall the same package - free from my provider - or use another protection program for the future?

So far my browser has returned to it's former, normal self. Yea!!!

 

[Bobbye]

The security choice is yours. If it is being provided free by the ISP, you may want to keep. But my personal choice is stand along programs rather than a suite: Some basics for you:

Tips for added security and safer browsing: (Links are in Bold Blue)

1. Browser Security
   [o] Safe Settings (Please ignore the suggestion to use the Registry Editior in this section "Creating a Custom Security Zone")
   [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
   [o] Replace the Host Files
   [o] Google Toolbar Pop Up Blocker
   [o]Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
   
2. Have layered Security:
   [o]Antivirus :(only one):Both of the following programs are free and known to be good:
   [o]Avira-AntiVir-Personal-Free-Antivirus
   [o] [o]Avast-Free Antivirus
   [o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
   [o]Comodo
   [o]Zone Alarm
   
3. Antimalware: I recommend all of the following:
   [o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
   [o]Spybot Search & Destroy
   
4. Updates: Stay current:
   [o] the Microsoft Download Sitefrequently. All updates marked Critical and the current SP updates.
   [o]Adobe Reader Install current, uninstall old.
   [o]Java Updates Install current, uninstall old.
   
5. Tracking Cookies
   Reset Cookie:
   [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
   [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
   I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
   AdBlock Plus
   Easy List
   [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
   
6. Do regular Maintenance
   Clean the temporary internet files often:
   [o] ATF Cleaner by Atribune
7. Restore Points:
   [o]See System Restore Guide
8. Safe Email Handling
   [o] Don't open email from anyone you don't know.
   [o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
   [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.

Please let me know if you find any bad link.