Solved Firefox browser redirection :(

demismom

I'm finally admitting defeat! I just can't get rid of whatever is ailing my computer and it keeps getting worse. My Firefox is getting re-directed. I thought I'd fixed it a couple of weeks ago, but it's back. Can someone help me and then tell me the best Anti-virus program to buy? Thank you so much!
 
Welcome to TechSpot! A lot of different malware can cause the redirects.

If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

I will be glad to recommend AV programs to you, but it will take more than just changing the AV to remove the malware on the system.
 
Avast scan?

I downloaded the Avast program that was recommended and upon doing so there were several items that looked important and I didn't think I should delete them like WINDOWS\explorer.exe, so when I tried to move them to chest it said error read only file, so I assume that means they couldn't be moved. The only other options I saw were delete, move to chest, repair or do nothing. What should I do with those files? Once I receive a response, I'll finish and then continue with step #2. Thanx!
 
Can't run TFC?

Well, I've just decided to choose ignore on Avast, so I could go to the next step, which was download TFC and run it. I can't run it. I click start, the blue progress bar gets about 3/4 of the way across and I get the blue screen of death: Fatal System Error Windows Logon Process - system process terminated unexpectedly and shut down. :( So now, what?
 
Logs

Malware Bytes Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6113

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/20/2011 10:19:06 PM
mbam-log-2011-03-20 (22-19-06).txt

Scan type: Quick scan
Objects scanned: 163250
Time elapsed: 34 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER log:

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-03-20 22:24:17
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400BB-75FRA0 rev.77.07W77
Running: bjhzzbid.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB1DCF026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB1DCEE91]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB1E188DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----


DDS.txt:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 22:28:04.04 on Sun 03/20/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.679 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Trend Micro Personal Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Desktop Alert\liveonline_3836970.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uWindow Title = Windows Internet Explorer provided by MSN & Bing
mWindow Title = Windows Internet Explorer provided by Comcast
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {57F02779-3D88-4958-8AD3-83C12D86ADC7} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [3170 Scan2PC] "c:\windows\twain_32\samsung\clx3170\Scan2pc.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\desktop alert\liveonline_3836970.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\smarthru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\smarthru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\smarthru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\smarthru 4\WebCapture.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172317629046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2005\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\r0wcz5ai.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig|http://my.ebay.com/ws/eBayISAPI.dll...es&CurrentPage=MyeBaySummary&migrateVisitor=3
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\r0wcz5ai.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\r0wcz5ai.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\r0wcz5ai.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\ebayAccessComponent.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\r0wcz5ai.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\ebayShortcutMaker.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\r0wcz5ai.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07051001.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 4\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 4\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 4\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 4\plugins\npMozCouponPrinter.dll
FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
FF - Ext: JavaScript Debugger: {f13b157f-b174-47e7-a34d-4815ddfdfeb8} - %profile%\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Remove It Permanently: {1dbc4a33-ea62-4330-966c-7bdad3455322} - %profile%\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322}
FF - Ext: ModPlugin: {31d88f70-c791-42d8-8187-faaf71d42f67} - %profile%\extensions\{31d88f70-c791-42d8-8187-faaf71d42f67}
FF - Ext: MemberPlugin: MemberPlugin@edward.hibbert - %profile%\extensions\MemberPlugin@edward.hibbert
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 3 beta 4\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {BAF1E2C3-B3DD-4541-B245-F6984D5DBC9C} - c:\documents and settings\administrator\local settings\application data\{BAF1E2C3-B3DD-4541-B245-F6984D5DBC9C}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-2 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-18 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-18 301528]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-18 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-18 42184]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-2 1405384]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-2 15232]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
.
=============== Created Last 30 ================
.
2011-03-18 20:41:49 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-18 20:41:06 40648 ----a-w- c:\windows\avastSS.scr
2011-03-18 20:40:47 -------- d-----w- c:\program files\AVAST Software
2011-03-18 20:40:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-03-02 22:43:49 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-02 22:20:52 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-02 22:20:25 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-02 22:16:50 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Sunbelt Software
2011-03-02 22:15:30 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{7F66490B-6C2B-46B6-8BA2-867BC3B4F5EB}
2011-03-02 22:14:49 -------- d-----w- c:\program files\Lavasoft
2011-03-02 11:29:13 -------- dc-h--w- c:\windows\ie8
.
==================== Find3M ====================
.
2011-03-12 14:17:02 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-03-05 19:50:00 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-03-02 11:15:32 0 ----a-w- c:\windows\Jhukuxun.bin
2011-02-14 11:38:57 61440 ----a-w- c:\windows\uninstall.exe
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-28 10:59:20 61440 ----a-w- c:\windows\wnUninstall.exe
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
.
============= FINISH: 22:31:34.10 ===============


Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/5/2005 7:45:48 AM
System Uptime: 3/20/2011 9:36:03 PM (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2790/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 3.175 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is FIXED (FAT32) - 466 GiB total, 439.405 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP82: 2/15/2011 12:00:28 AM - Software Distribution Service 3.0
RP83: 2/16/2011 12:00:25 AM - Software Distribution Service 3.0
RP84: 2/17/2011 12:00:23 AM - Software Distribution Service 3.0
RP85: 2/18/2011 12:00:25 AM - Software Distribution Service 3.0
RP86: 2/19/2011 12:00:25 AM - Software Distribution Service 3.0
RP87: 2/20/2011 12:00:32 AM - Software Distribution Service 3.0
RP88: 2/21/2011 12:00:36 AM - Software Distribution Service 3.0
RP89: 2/22/2011 12:00:38 AM - Software Distribution Service 3.0
RP90: 2/23/2011 12:00:42 AM - Software Distribution Service 3.0
RP91: 2/24/2011 12:00:48 AM - Software Distribution Service 3.0
RP92: 2/25/2011 12:00:24 AM - Software Distribution Service 3.0
RP93: 2/26/2011 12:00:23 AM - Software Distribution Service 3.0
RP94: 2/26/2011 7:07:12 AM - Configured Microsoft Office Home and Student 2007
RP95: 2/27/2011 12:00:40 AM - Software Distribution Service 3.0
RP96: 2/28/2011 12:00:35 AM - Software Distribution Service 3.0
RP97: 3/1/2011 12:00:55 AM - Software Distribution Service 3.0
RP98: 3/2/2011 12:00:22 AM - Software Distribution Service 3.0
RP99: 3/2/2011 6:30:29 AM - Installed Windows Internet Explorer 8.
RP100: 3/2/2011 6:32:07 AM - Software Distribution Service 3.0
RP101: 3/2/2011 5:50:58 PM - Software Distribution Service 3.0
RP102: 3/3/2011 12:00:24 AM - Software Distribution Service 3.0
RP103: 3/4/2011 12:00:49 AM - Software Distribution Service 3.0
RP104: 3/5/2011 12:00:31 AM - Software Distribution Service 3.0
RP105: 3/6/2011 12:00:48 AM - Software Distribution Service 3.0
RP106: 3/7/2011 12:00:33 AM - Software Distribution Service 3.0
RP107: 3/8/2011 12:00:26 AM - Software Distribution Service 3.0
RP108: 3/9/2011 12:00:36 AM - Software Distribution Service 3.0
RP109: 3/10/2011 12:01:02 AM - Software Distribution Service 3.0
RP110: 3/11/2011 12:00:24 AM - Software Distribution Service 3.0
RP111: 3/12/2011 12:00:22 AM - Software Distribution Service 3.0
RP112: 3/12/2011 5:58:03 PM - Software Distribution Service 3.0
RP113: 3/13/2011 1:00:24 AM - Software Distribution Service 3.0
RP114: 3/14/2011 12:00:32 AM - Software Distribution Service 3.0
RP115: 3/15/2011 12:00:43 AM - Software Distribution Service 3.0
RP116: 3/16/2011 12:00:42 AM - Software Distribution Service 3.0
RP117: 3/16/2011 6:00:21 PM - Software Distribution Service 3.0
RP118: 3/17/2011 12:00:24 AM - Software Distribution Service 3.0
RP119: 3/18/2011 12:00:24 AM - Software Distribution Service 3.0
RP120: 3/18/2011 4:40:47 PM - avast! Free Antivirus Setup
RP121: 3/19/2011 12:00:28 AM - Software Distribution Service 3.0
RP122: 3/20/2011 12:00:31 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
6300
6300_Help
6300Trb
Ad-Aware
Adobe Extension Manager CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.1.0
Adobe Setup
Adobe Shockwave Player
AiO_Scan_CDA
AiOSoftwareNPI
Amazon MP3 Downloader 1.0.9
APC PowerChute Personal Edition
Apple Application Support
avast! Free Antivirus
B57Inst
BCM V.92 56K Modem
Blaze Media Pro
Broadcom 440x 10/100 Integrated Controller
Broadcom Driver Installer
BufferChm
Business Card Designer Plus 9.5.0.1
Comcast High-Speed Internet Install Wizard
Corel Paint Shop Pro Photo X2
Corel Paint Shop Pro X
Corel Photo Album 6
Coupon Printer for Windows
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
CueTour
CustomerResearchQFolder
Dell ResourceCD
Desktop Alert
Desktop Doctor
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
Easy CD Creator 5 Basic
erLT
Estimiser Pro
eSupportQFolder
Fax_CDA
FullDPAppQFolder
GdiplusUpgrade
HDValet
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Solution Center 7.0
HP Update
hpmdtab
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevices
InstantShareDevicesMFC
Intel(R) Extreme Graphics Driver
Ipswitch WS_FTP Pro Uninstall
Ipswitch WS_FTP Professional 2007
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Keynote Connector
Logitech MouseWare 9.77
Macromedia Flash Player
Magic Swf2Gif 1.35
Malwarebytes' Anti-Malware
MarketResearch
Memeo AutoBackup
Memeo AutoSync
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2004
Microsoft FrontPage 2000 SR-1
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 97, Professional Edition
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel Viewer 2003
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Word 2002
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (3.6.15)
Mozilla Thunderbird (3.1.9)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NewCopy_CDA
NEXTEL Dashboard
OCR Software by I.R.I.S 7.0
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
overland
PanoStandAlone
PC SpeedScan Pro
PhotoGallery
Picasa 3
ProductContextNPI
QuickBooks
QuickBooks Pro 2008
QuickBooks Pro 2009
QuickTime
RandMap
Readme
RealPlayer
RegCure
Samsung CLX-3170 Series
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shockwave
SkinsHP1
SlideShow
SmarThru 4
SmarThru PC Fax
SolutionCenter
Sonic_PrimoSDK
SoundMAX
Status
SUPERAntiSpyware Free Edition
SupportSoft Assisted Service
SWiSHmax
TextPad 4.7
Toolbox
TrayApp
Unity Web Player
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WD Diagnostics
WebFldrs XP
WebReg
Win2PDF 3.40.1
Win2PDF Font Helper 1.21 (GPL Ghostscript 8.62)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WMV to AVI MPEG VCD SVCD DVD Converter 1.3.2
.
==== Event Viewer Messages From Past Week ========
.
3/19/2011 9:30:44 AM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The system cannot find the path specified.
3/19/2011 9:30:39 AM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (ddoctorv2) service terminated unexpectedly. It has done this 1 time(s).
3/19/2011 9:30:39 AM, error: Service Control Manager [7034] - The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s).
3/19/2011 9:30:39 AM, error: Service Control Manager [7034] - The ProtexisLicensing service terminated unexpectedly. It has done this 1 time(s).
3/19/2011 9:30:39 AM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
3/19/2011 9:30:39 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/19/2011 9:30:39 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
3/19/2011 9:30:39 AM, error: Service Control Manager [7034] - The APC UPS Service service terminated unexpectedly. It has done this 1 time(s).
3/19/2011 9:30:39 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/18/2011 12:00:51 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447).
3/16/2011 6:11:11 PM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
 
I have a suggestion you might want to try. I see you are using C:\Program Files\Mozilla Firefox 3 Beta 4. According to Mozilla:
Firefox 3 Beta 4 is a developer preview release of Mozilla's next generation Firefox browser and is being made available for testing purposes only. These beta releases are targeted to Web developers and our testing community to gain feedback before advancing to the next stage in the release process.
This was released March 10, 2008 so it's way out of date. Not only was the final v3 released a long time ago, it has progressed through many updates and almost finished testing of v4.
I suggest you update Firefox and let it update your extensions. Some may not be compatible with the current versions. You can find v3.6.15 HERE.

Do NOT choose the Beta 4 version.
Let me know how it goes when you have updated. I always advise you set a Restore Point first, before any download, and always check any download for pre-checked items. If there are any, uncheck them.
=========================================
Regarding antivirus programs: Both Avast, which you have, and Avira are free and good. If you feel you want to purchase an AV program, I recommend the Eset Nod32 AV. That's what I have and have been very pleased.

I don't get 'suites' - that's my preference, but I do recommend that you add a firewall and at least 2 antimalware programs. Here are some suggestions - all free:

Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
Antispyware: I recommend all of the following:
  • Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
  • Download ZonedOut and save to your desktop. This manages the Zones in Internet Explorer. It puts over 4000 websites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
    (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7 yet.)
  • Replace the Host Files
    MVPS Hosts files: This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar Get the free google toolbar to help stop pop up windows.
  • The Site Advisor Web of Trust (WOT) add-on is a . Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
Your online email account – Google Mail, Yahoo! Mail and Hotmail is also protected.

Edit: you have 2 antivirus programs running:
AV: avast! Antivirus *Enabled/Updated
AV: Lavasoft Ad-Watch Live! Anti-Virus
Please uninstall one of these.
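
The HOSTS-file blocking described in the post above can be checked mechanically. The following is an added example, not part of the original post or of the MVPS project: it parses hosts-file text, counts names mapped to a loopback address as blocked, and lists any name mapped to some other address for review. The sample content and function names are constructed, and treating 0.0.0.0 as a sink is an assumption beyond the post, which names only 127.0.0.1.

```python
import ipaddress

# Constructed sample hosts-file content (documentation-range names and address).
SAMPLE_HOSTS = """\
# Constructed sample, not a real blocklist
127.0.0.1   localhost
127.0.0.1   ads.example.com  tracker.example.net   # two names on one line
0.0.0.0     banner.example.org
203.0.113.7 www.search.example
::1         localhost
not-an-ip   broken.example
"""


def parse_hosts(text):
    """Yield (line number, address, hostname) for every valid mapping.

    Comments, blank lines and lines whose first field is not an IP
    address are skipped. One line may map several names.
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield lineno, addr, name.lower()


def audit_hosts(text):
    """Split mappings into blocked names and names sent to another address.

    Returns (sinkholed, remapped):
      sinkholed - names pointed at loopback (or 0.0.0.0, an assumption here),
                  which is how a blocklist HOSTS file stops connections
      remapped  - (line number, name, address) for names pointed anywhere
                  else; on a machine with unexplained redirects these are
                  the entries to review by hand
    """
    sinkholed, remapped = [], []
    for lineno, addr, name in parse_hosts(text):
        if addr.is_loopback or addr.is_unspecified:
            # The stock "localhost" entry is not a blocked site.
            if name != "localhost":
                sinkholed.append(name)
        else:
            remapped.append((lineno, name, str(addr)))
    return sinkholed, remapped


if __name__ == "__main__":
    blocked, review = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", blocked)
    for lineno, name, addr in review:
        print(f"review line {lineno}: {name} -> {addr}")
```
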
 
Beta 4?

The link you provided above for Firefox is the Version 3 Beta 4 version, when I click update in my help menu it says there are no updates available. When I went to mozilla.org and clicked on and downloaded 3.6.15 the download said it would download it in a folder and the folder name had Beta 4 in it. How do I NOT choose that when the only links I can find for Firefox are precisely that? That or I'm not comprehending what I'm reading correctly. Angela
 
I'm already using 3.6.15

I decided to take a look at my about Firefox on my help menu and it says Firefox v 3.6.15 already. Here's some other info it let me cut and paste:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 GTB7.1 (.NET CLR 3.5.30729)

Didn't know if any of that helped or not and I should still download from that link you provided even though it says it's the same version I already am using.

Angela
 
Firefox updated itself.

When I uninstalled Ad-aware, as suggested, I noticed that my Firefox updated itself upon restart and while it says 3.6.15 still as my version, instead of 2010 for the copyright date it says 2011, so something happened. I did a quick search on the internet and I wasn't re-directed. I'm still working the other steps, but wanted to let you know that bit of info. Angela
 
Super Antispyware

I have Super Antispyware and Malwarebytes on my computer for antispyware software. Do you recommend I uninstall them and use your recommendations instead or a combo of the two?????

I've installed ZoneAlarm as recommended as well. I already have the Google Toolbar installed as recommended.

In addition, I ran some searches on Google that had previously been re-directed and it wasn't this evening - I'm very impressed with your help!

Angela
 
Guess I spoke too soon

Just ran a search and got re-directed on Google. Interestingly enough, if I run a search and click on the cached version I don't usually get re-directed.
 
I would appreciate it when you have 1 or 2 lines to add, change or question that you use the Edit feature instead of making a new reply each time. I get email feedback for each of those replies!
Sometime before the end of December of 2010, you downloaded the Firefox 4 beta 4:
Another poor soul with re-directed Internet Searches

4 posts - 2 authors - Last post: Dec 30, 2010
FF - plugin: c:\program files\mozilla firefox 3 beta 4\plugins\NPcol400.dll. FF - plugin: c:\program files\mozilla firefox 3 beta ...
www.bleepingcomputer.com/forums/topic366695.html -

You were having the redirect problem then but did not reply to the instructions you were given and deserted the thread.

About Firefox:
The v3 Beta 4 was a test program for the upcoming v4. I left the comment about it only should be used by developers. The fact that you have this version installed somewhere on your system and the fact that you have C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe and the fact that you have these 4 plugins for that version is most likely the cause of your problem:
FF - plugin: c:\program files\mozilla firefox 3 beta 4\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 4\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 4\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 4\plugins\npMozCouponPrinter.dll

I do note that the installed programs shows Mozilla Firefox (3.6.15)- But you need to uninstall the v3 beta 4 version and the 4 plugins for that version.
===================================================
After you've done that, come back if you're still getting redirected.

By the way, the link I left for Firefox opens the download for v3.6.15. I just rechecked the link - the download box pops up right after you click on the link. Going to Help for the update or going to Mozilla.org wouldn't have been necessary.
 
I hope I'm replying correctly this time.

I'm very lost - the only reason I came back was because I couldn't remember where I posted the first time and lost the information for this site and I didn't seem to be having as many problems as I had been, so I figured whatever problems I was having were temporary.

As for firefox, I just clicked to update it whenever it says there is an updated version, I had no idea I had one on my computer for developers. It doesn't say that anywhere on my screen, it doesn't look any different than my previous version to me, anyway. My about says I'm NOT using v3 beta 4, it says v 3.6.15, where do I find this v3 beta 4? It's not in the control panel under add/remove programs, nor is the uninstall listed on the All Programs Button on the Start Menu, just the link to the program itself. So, I'm not sure how to uninstall it. :(

I just decided to try and see if I could find the uninstall program via my windows explorer and when I double clicked it or try to get to it through accessories I get a pop-up that says windows cannot access, blah blah blah. I'm going to try and re-boot my computer, hopefully it's something as simple as that.

That didn't work, sooooooooo I went into Firefox 3 Beta 4 folder through my FTP program and found the uninstall and it uninstalled even 3.15, but not my bookmarks, etc. I thought it had and was really ticked off! :) But I still can't get my windows explorer to work, it says I don't have proper permissions or something. I do see it running on my task manager. Any idea how to fix that?
 
I removed Firefox V3 Beta 4 and plugins, as directed, and I got redirected this morning. Did a Google Search for Auto repair Niles, MI and when I clicked on marshautorepair.com I got redirected to target.com. :( In addition, avast is finding lots of threats in files that I use often, like my bookkeeping program, quickbooks, and my email program Thunderbird.
 
Okay, you need to focus on just the malware-or possible malware problem and not divert the thread. In order to do that, it is necessary for you to follow my instructions:

The beta Firefox entries have now been handled. Since you are still getting redirected, please do the following:
1. Run this Security Check

Download Security Check by screen317 from HERE or HERE .
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=====================================
2. Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard" (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
=======================================
3. Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
===========================================
Please do not attempt to install, uninstall, update unless I direct you to do so.
 
checkup.txt:

Results of screen317's Security Check version 0.99.10
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
ZoneAlarm
ZoneAlarm Toolbar
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date HijackThis installed!
Malwarebytes' Anti-Malware
HijackThis 1.99.1
Java(TM) 6 Update 18
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 7.1.0
Adobe Reader 7.0.5 Language Support
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.16) Firefox Out of Date!
Mozilla Thunderbird (3.1.9)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Desktop Alert liveonline_3836970.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````


As for the next program, ESET, it will not run - it says "cannot get update", is proxy configured when it tries to get the signature database. I wasn't sure if I should continue to the next item without doing the ESET, so I await your response. Angela
 
Okay, for the security:

Uninstall:
HijackThis 1.99.1
Java(TM) 6 Update 18
Adobe Reader 7.1.0
Adobe Reader 7.0.5 Language Support

Update:
Java : Check this site Java Updates
Adobe Reader: Visit this Adobe Reader
Mozilla Firefox (3.6.16): I think this is up to v3.6.19 if you want to keep v3.6.

Please go ahead and run Combofix. I should be able to see the proxy stopping the Eset scan and can shut it down.
 
I know you asked me not to start new replies, but I've done everything you've asked in your latest post and for the past 30 minutes combofix has been on the same screen: "Preparing Log Report. Do not run any programs until Combox has finished." How long will this screen stay on before the log pops up or is it stalled? I did not touch it as told not to. I'm using my laptop to post this reply. If it is stuck, do I restart it or what should I do???? Angela

Well, the Preparing Log Report window is still up, with no report in sight. I'm tired and going to bed.

Okay, it's 7 hours later and the same combofix screen is still on my computer. What should I do?

Well, I finally got my computer to boot so that I could see if I could find the combofix.txt file and I did. Not sure if it's complete or not, but here it is:

ComboFix 11-03-26.01 - Administrator 03/26/2011 21:26:39.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.827 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
 
Please remove one of these firewalls:

FW: Trend Micro Personal Firewall
FW: ZoneAlarm Firewall


You may actually have the program 'firewalled out'!
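
The duplicate-product check the helper makes by eye here, and in the earlier note about two antivirus programs, can be scripted. This is an added example, not part of the original thread and not ComboFix's own logic: it parses the `AV:` and `FW:` header lines in the format shown in the logs above and reports any category with more than one registered product. The function and class names are hypothetical.

```python
import re
from collections import namedtuple

# Header lines copied from the ComboFix log posted in this thread.
COMBOFIX_HEADER = """\
ComboFix 11-03-26.01 - Administrator 03/26/2011 21:26:39.1.1 - x86
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
"""

# Lines as quoted earlier in the thread, where state and GUID were cut off.
TRUNCATED_HEADER = """\
AV: avast! Antivirus *Enabled/Updated
AV: Lavasoft Ad-Watch Live! Anti-Virus
"""

Product = namedtuple("Product", "category name state guid")

# "<AV|FW>: <name> [*<state>*] [{GUID}]"; state and GUID are optional
# because pasted logs are often truncated.
PRODUCT_RE = re.compile(
    r"^(AV|FW):\s+(.+?)"
    r"(?:\s+\*([^*{]+)\*?)?"
    r"(?:\s+(\{[0-9A-Fa-f-]{36}\}))?\s*$"
)


def parse_products(log_text):
    """Return a Product for every AV:/FW: line; other lines are ignored."""
    products = []
    for line in log_text.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if not m:
            continue
        category, name, state, guid = m.groups()
        products.append(
            Product(category, name.strip(), state.strip() if state else None, guid)
        )
    return products


def find_conflicts(products):
    """Map each category to its product names when more than one is present.

    A product repeated across concatenated logs is counted once. Disabled
    products still count: they remain installed and registered.
    """
    seen = {}
    for p in products:
        names = seen.setdefault(p.category, [])
        if p.name.lower() not in (n.lower() for n in names):
            names.append(p.name)
    return {cat: names for cat, names in seen.items() if len(names) > 1}


if __name__ == "__main__":
    for label, text in (("ComboFix", COMBOFIX_HEADER), ("earlier log", TRUNCATED_HEADER)):
        for cat, names in find_conflicts(parse_products(text)).items():
            print(f"{label}: {len(names)} {cat} products registered: {', '.join(names)}")
```
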
 
I'm not sure what I should do

It looks like the Trend Micro Firewall is coming from some program that Comcast Cable installed on my computer for the internet, so I'm nervous about touching that, so I turned off the Zone Alarm and it said I had NO Firewall installed. If that's the case, then do you have any idea how to check the Trend Micro settings? I can't find the program itself, just a folder, but no .exe file to click on to bring up its home screen. :( Not sure what to do, could use some advice. Thanx!
 
Please check with Comcast to find out what security they are providing. You should end up with one antivirus program and one firewall. Okay to have multiple spyware/adware programs.

You can disable ZoneAlarm for now and check with Comcast later. I need you to try to run Combofix:

NOTE: If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to
demismom.exe BEFORE saving it to your desktop.
Do NOT run it yet.
3. Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.pif
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run then try to immediately run the following>>>>.

4. Please download exeHelper by Raktor and save it to your desktop.
  • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file called exehelperlog.txt will be created and should open at the end of the scan
  • A copy of that log will also be saved in the directory where you ran exeHelper.com
  • Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

Rkill instructions
*************************************
Once you've gotten one of them to run, immediately run

demismom.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.
 
How long do I give combo fix to run? It's been an hour and it says it's preparing log file or something like that. Just wondering if I should stop it and do the next step as instructed.
 
Sorry it took so long

It took a long time, but I finally got a log out of combofix on the first try, I just decided to let it run all night, if need be. Here is the log:

ComboFix 11-03-29.06 - Administrator 03/30/2011 16:54:04.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.960 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Administrator\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\Administrator\Local Settings\Application Data\{BAF1E2C3-B3DD-4541-B245-F6984D5DBC9C}\chrome.manifest
c:\documents and settings\Administrator\Local Settings\Application Data\{BAF1E2C3-B3DD-4541-B245-F6984D5DBC9C}\chrome\content\_cfg.js
c:\documents and settings\Administrator\Local Settings\Application Data\{BAF1E2C3-B3DD-4541-B245-F6984D5DBC9C}\chrome\content\overlay.xul
c:\documents and settings\Administrator\Local Settings\Application Data\{BAF1E2C3-B3DD-4541-B245-F6984D5DBC9C}\install.rdf
c:\documents and settings\Administrator\My Documents\DPE.DUS
c:\documents and settings\Administrator\Recent\Thumbs.db
c:\windows\http
c:\windows\inf\im1100.vbs
c:\windows\system32\bszip.dll
c:\windows\system32\skinboxer43.dll
c:\windows\system32\Thumbs.db
G:\autorun.inf
.
-- Previous Run --
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-30 )))))))))))))))))))))))))))))))
.
.
2011-03-29 22:26 . 2011-03-29 22:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PSU
2011-03-27 01:07 . 2011-03-27 01:07 -------- d-----w- c:\program files\Common Files\Java
2011-03-27 01:07 . 2011-03-27 01:06 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-27 01:07 . 2011-03-27 01:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-27 01:07 . 2011-03-27 01:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-22 01:52 . 2011-03-22 01:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\CheckPoint
2011-03-22 01:51 . 2011-03-24 22:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
2011-03-22 01:51 . 2011-03-22 01:51 -------- d-----w- c:\program files\Conduit
2011-03-22 01:51 . 2011-03-24 22:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ZoneAlarm_Security
2011-03-22 01:51 . 2011-03-22 01:51 -------- d-----w- c:\program files\ZoneAlarm_Security
2011-03-22 01:50 . 2011-03-22 01:50 -------- d-----w- c:\program files\CheckPoint
2011-03-22 01:49 . 2011-02-18 21:28 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-03-22 01:49 . 2011-02-18 21:28 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-03-22 01:49 . 2011-03-22 01:52 -------- d-----w- c:\windows\system32\ZoneLabs
2011-03-22 01:49 . 2011-02-18 21:28 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-03-22 01:49 . 2011-03-22 01:49 -------- d-----w- c:\program files\Zone Labs
2011-03-22 01:48 . 2011-03-30 20:43 -------- d-----w- c:\windows\Internet Logs
2011-03-18 20:41 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-18 20:41 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-18 20:41 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-18 20:41 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-18 20:41 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-18 20:41 . 2011-02-23 13:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-18 20:41 . 2011-02-23 13:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-18 20:41 . 2011-02-23 13:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-18 20:41 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-18 20:41 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-18 20:40 . 2011-03-18 20:40 -------- d-----w- c:\program files\AVAST Software
2011-03-18 20:40 . 2011-03-18 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-03-02 22:20 . 2011-03-02 22:20 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-02 22:16 . 2011-03-02 22:16 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sunbelt Software
2011-03-02 22:14 . 2011-03-22 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-03-02 11:29 . 2011-03-02 11:30 -------- dc-h--w- c:\windows\ie8
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-12 14:17 . 2010-09-30 22:31 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-02-14 11:38 . 2011-02-14 11:38 61440 ----a-w- c:\windows\uninstall.exe
2011-02-09 13:53 . 2003-07-16 16:37 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2003-07-16 16:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2005-10-05 11:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-28 10:59 . 2005-10-05 15:35 61440 ----a-w- c:\windows\wnUninstall.exe
2011-01-27 11:57 . 2005-10-05 11:35 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2003-07-16 16:38 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2003-07-16 16:18 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2003-07-16 16:45 1854976 ----a-w- c:\windows\system32\win32k.sys
2011-03-27 00:58 . 2011-03-27 00:58 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2010-12-01 15:27 2735200 ----a-w- c:\program files\ZoneAlarm_Security\tbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-24 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-27 552960]
"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-01-30 503808]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-26 19968]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-02-18 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 738808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Desktop Alert.lnk - c:\program files\Desktop Alert\liveonline_3836970.exe [2011-2-14 458752]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-3-13 221247]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-21 10:11 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\WS_FTP Pro\\wsftpgui.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Macromedia\\Flash Player\\"=
"c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"=
"c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"=
"c:\\Estimiser Pro\\Estimiser Pro.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/18/2011 4:41 PM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/18/2011 4:41 PM 301528]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 1:53 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/18/2011 4:41 PM 19544]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2/15/2011 11:25 AM 26872]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 12872]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-29 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-03-18 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
mWindow Title = Windows Internet Explorer provided by Comcast
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r0wcz5ai.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
FF - prefs.js: browser.startup.homepage - www.igoogle.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
AddRemove-Motorola USB Modem Installation - c:\program files\Motorola Inc.\Motorola USB Modem Installation\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-30 17:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-1592454029-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A1146105-B145-D547-791CC80E83BF21B6}\{DC78455E-4161-0768-1856DB98A0FFD8AF}\{619B65F9-9B50-CD99-3F29A63495E25D6C}*]
"NRDFOBLVNAUE2QOGEQXAH1Y2DD1"=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
- - - - - - - > 'lsass.exe'(780)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(3308)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2011-03-30 18:57:51
ComboFix-quarantined-files.txt 2011-03-30 22:57
.
Pre-Run: 3,200,679,936 bytes free
Post-Run: 3,151,106,048 bytes free
.
- - End Of File - - 561E31B95EF4EC33AF00B8E6D1751FE9
 