TechSpot

Firefox browser redirection :(

By demismom
Mar 18, 2011
  1. I'm finally admitting defeat! I just can't get rid of whatever is ailing my computer and it keeps getting worse. My Firefox is getting re-directed. I thought I'd fixed it a couple of weeks ago, but it's back. Can someone help me and then tell me the best Anti-virus program to buy? Thank you so much!
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! A lot of different malware can cause the redirects.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    I will be glad to recommend AV programs to you, but it will take more than just changing the AV to remove the malware on the system.
     
  3. demismom

    demismom TS Rookie Topic Starter Posts: 23

    Avast scan?

    I downloaded the Avast program that was recommended and upon doing so there were several items that looked important and I didn't think I should delete them like WINDOWS\explorer.exe, so when I tried to move them to chest it said error read only file, so I assume that means they couldn't be moved. The only other options I saw were delete, move to chest, repair or do nothing. What should I do with those files? Once I receive a response, I'll finish and then continue with step #2. Thanx!
     
  4. demismom

    demismom TS Rookie Topic Starter Posts: 23

    Can't run TFC?

    Well, I've just decided to choose ignore on Avast, so I could go to the next step, which was download TFC and run it. I can't run it. I click start, the blue progress bar gets about 3/4 of the way across and I get the blue screen of death: Fatal System Error Windows Logon Process - system process terminated unexpectedly and shut down. :( So now, what?
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Reboot the computer. Then go on to the other programs please.
     
  6. demismom

    demismom TS Rookie Topic Starter Posts: 23

    Logs

    Malware Bytes Log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6113

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/20/2011 10:19:06 PM
    mbam-log-2011-03-20 (22-19-06).txt

    Scan type: Quick scan
    Objects scanned: 163250
    Time elapsed: 34 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER log:

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit quick scan 2011-03-20 22:24:17
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400BB-75FRA0 rev.77.07W77
    Running: bjhzzbid.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uxtdypog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB1DCF026]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB1DCEE91]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB1E188DE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----


    DDS.txt:

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Administrator at 22:28:04.04 on Sun 03/20/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.679 [GMT -4:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Trend Micro Personal Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Desktop Alert\liveonline_3836970.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Documents and Settings\Administrator\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Windows Internet Explorer provided by MSN & Bing
    mWindow Title = Windows Internet Explorer provided by Comcast
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    TB: {57F02779-3D88-4958-8AD3-83C12D86ADC7} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
    mRun: [3170 Scan2PC] "c:\windows\twain_32\samsung\clx3170\Scan2pc.exe"
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\desktop alert\liveonline_3836970.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: SmarThru4 Capture Selection - c:\program files\smarthru 4\WebCapture.dll2.htm
    IE: SmarThru4 Save as HTML - c:\program files\smarthru 4\WebCapture.dll1.htm
    IE: SmarThru4 Save Selected Text - c:\program files\smarthru 4\WebCapture.dll.htm
    IE: SmarThru4 Web Capture - c:\program files\smarthru 4\WebCapture.dll
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172317629046
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2005\HelpAsyncPluggableProtocol.dll
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\r0wcz5ai.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig|http://my.ebay.com/ws/eBayISAPI.dll...es&CurrentPage=MyeBaySummary&migrateVisitor=3
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\r0wcz5ai.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\r0wcz5ai.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\r0wcz5ai.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\ebayAccessComponent.dll
    FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\r0wcz5ai.default\extensions\{62760fd6-b943-48c9-ab09-f99c6fe96088}\platform\winnt\components\ebayShortcutMaker.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\r0wcz5ai.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07051001.dll
    FF - plugin: c:\documents and settings\administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\mozilla firefox 3 beta 4\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox 3 beta 4\plugins\NPcol500.dll
    FF - plugin: c:\program files\mozilla firefox 3 beta 4\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox 3 beta 4\plugins\npMozCouponPrinter.dll
    FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
    FF - Ext: JavaScript Debugger: {f13b157f-b174-47e7-a34d-4815ddfdfeb8} - %profile%\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Remove It Permanently: {1dbc4a33-ea62-4330-966c-7bdad3455322} - %profile%\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322}
    FF - Ext: ModPlugin: {31d88f70-c791-42d8-8187-faaf71d42f67} - %profile%\extensions\{31d88f70-c791-42d8-8187-faaf71d42f67}
    FF - Ext: MemberPlugin: MemberPlugin@edward.hibbert - %profile%\extensions\MemberPlugin@edward.hibbert
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 3 beta 4\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox 3 beta 4\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: XULRunner: {BAF1E2C3-B3DD-4541-B245-F6984D5DBC9C} - c:\documents and settings\administrator\local settings\application data\{BAF1E2C3-B3DD-4541-B245-F6984D5DBC9C}
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-2 64512]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-18 371544]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-18 301528]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-18 19544]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-18 42184]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-2 1405384]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-2 15232]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
    .
    =============== Created Last 30 ================
    .
    2011-03-18 20:41:49 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-03-18 20:41:06 40648 ----a-w- c:\windows\avastSS.scr
    2011-03-18 20:40:47 -------- d-----w- c:\program files\AVAST Software
    2011-03-18 20:40:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
    2011-03-02 22:43:49 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-03-02 22:20:52 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-03-02 22:20:25 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-03-02 22:16:50 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Sunbelt Software
    2011-03-02 22:15:30 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{7F66490B-6C2B-46B6-8BA2-867BC3B4F5EB}
    2011-03-02 22:14:49 -------- d-----w- c:\program files\Lavasoft
    2011-03-02 11:29:13 -------- dc-h--w- c:\windows\ie8
    .
    ==================== Find3M ====================
    .
    2011-03-12 14:17:02 398760 ----a-r- c:\windows\system32\cpnprt2.cid
    2011-03-05 19:50:00 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2011-03-02 11:15:32 0 ----a-w- c:\windows\Jhukuxun.bin
    2011-02-14 11:38:57 61440 ----a-w- c:\windows\uninstall.exe
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-28 10:59:20 61440 ----a-w- c:\windows\wnUninstall.exe
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
    .
    ============= FINISH: 22:31:34.10 ===============


    Attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/5/2005 7:45:48 AM
    System Uptime: 3/20/2011 9:36:03 PM (1 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0G1548
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2790/533mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 3.175 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    G: is FIXED (FAT32) - 466 GiB total, 439.405 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP82: 2/15/2011 12:00:28 AM - Software Distribution Service 3.0
    RP83: 2/16/2011 12:00:25 AM - Software Distribution Service 3.0
    RP84: 2/17/2011 12:00:23 AM - Software Distribution Service 3.0
    RP85: 2/18/2011 12:00:25 AM - Software Distribution Service 3.0
    RP86: 2/19/2011 12:00:25 AM - Software Distribution Service 3.0
    RP87: 2/20/2011 12:00:32 AM - Software Distribution Service 3.0
    RP88: 2/21/2011 12:00:36 AM - Software Distribution Service 3.0
    RP89: 2/22/2011 12:00:38 AM - Software Distribution Service 3.0
    RP90: 2/23/2011 12:00:42 AM - Software Distribution Service 3.0
    RP91: 2/24/2011 12:00:48 AM - Software Distribution Service 3.0
    RP92: 2/25/2011 12:00:24 AM - Software Distribution Service 3.0
    RP93: 2/26/2011 12:00:23 AM - Software Distribution Service 3.0
    RP94: 2/26/2011 7:07:12 AM - Configured Microsoft Office Home and Student 2007
    RP95: 2/27/2011 12:00:40 AM - Software Distribution Service 3.0
    RP96: 2/28/2011 12:00:35 AM - Software Distribution Service 3.0
    RP97: 3/1/2011 12:00:55 AM - Software Distribution Service 3.0
    RP98: 3/2/2011 12:00:22 AM - Software Distribution Service 3.0
    RP99: 3/2/2011 6:30:29 AM - Installed Windows Internet Explorer 8.
    RP100: 3/2/2011 6:32:07 AM - Software Distribution Service 3.0
    RP101: 3/2/2011 5:50:58 PM - Software Distribution Service 3.0
    RP102: 3/3/2011 12:00:24 AM - Software Distribution Service 3.0
    RP103: 3/4/2011 12:00:49 AM - Software Distribution Service 3.0
    RP104: 3/5/2011 12:00:31 AM - Software Distribution Service 3.0
    RP105: 3/6/2011 12:00:48 AM - Software Distribution Service 3.0
    RP106: 3/7/2011 12:00:33 AM - Software Distribution Service 3.0
    RP107: 3/8/2011 12:00:26 AM - Software Distribution Service 3.0
    RP108: 3/9/2011 12:00:36 AM - Software Distribution Service 3.0
    RP109: 3/10/2011 12:01:02 AM - Software Distribution Service 3.0
    RP110: 3/11/2011 12:00:24 AM - Software Distribution Service 3.0
    RP111: 3/12/2011 12:00:22 AM - Software Distribution Service 3.0
    RP112: 3/12/2011 5:58:03 PM - Software Distribution Service 3.0
    RP113: 3/13/2011 1:00:24 AM - Software Distribution Service 3.0
    RP114: 3/14/2011 12:00:32 AM - Software Distribution Service 3.0
    RP115: 3/15/2011 12:00:43 AM - Software Distribution Service 3.0
    RP116: 3/16/2011 12:00:42 AM - Software Distribution Service 3.0
    RP117: 3/16/2011 6:00:21 PM - Software Distribution Service 3.0
    RP118: 3/17/2011 12:00:24 AM - Software Distribution Service 3.0
    RP119: 3/18/2011 12:00:24 AM - Software Distribution Service 3.0
    RP120: 3/18/2011 4:40:47 PM - avast! Free Antivirus Setup
    RP121: 3/19/2011 12:00:28 AM - Software Distribution Service 3.0
    RP122: 3/20/2011 12:00:31 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    6300
    6300_Help
    6300Trb
    Ad-Aware
    Adobe Extension Manager CS3
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 7.0.5 Language Support
    Adobe Reader 7.1.0
    Adobe Setup
    Adobe Shockwave Player
    AiO_Scan_CDA
    AiOSoftwareNPI
    Amazon MP3 Downloader 1.0.9
    APC PowerChute Personal Edition
    Apple Application Support
    avast! Free Antivirus
    B57Inst
    BCM V.92 56K Modem
    Blaze Media Pro
    Broadcom 440x 10/100 Integrated Controller
    Broadcom Driver Installer
    BufferChm
    Business Card Designer Plus 9.5.0.1
    Comcast High-Speed Internet Install Wizard
    Corel Paint Shop Pro Photo X2
    Corel Paint Shop Pro X
    Corel Photo Album 6
    Coupon Printer for Windows
    CP_CalendarTemplates1
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Panorama1Config
    cp_PosterPrintConfig
    CueTour
    CustomerResearchQFolder
    Dell ResourceCD
    Desktop Alert
    Desktop Doctor
    Destinations
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    DocumentViewer
    DocumentViewerQFolder
    Easy CD Creator 5 Basic
    erLT
    Estimiser Pro
    eSupportQFolder
    Fax_CDA
    FullDPAppQFolder
    GdiplusUpgrade
    HDValet
    HijackThis 1.99.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 7.0
    HP Document Viewer 7.0
    HP Imaging Device Functions 7.0
    HP Photosmart Premier Software 6.5
    HP Photosmart, Officejet and Deskjet 7.0.A
    HP Solution Center 7.0
    HP Update
    hpmdtab
    HPPhotoSmartExpress
    HPProductAssistant
    InstantShareDevices
    InstantShareDevicesMFC
    Intel(R) Extreme Graphics Driver
    Ipswitch WS_FTP Pro Uninstall
    Ipswitch WS_FTP Professional 2007
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 18
    Keynote Connector
    Logitech MouseWare 9.77
    Macromedia Flash Player
    Magic Swf2Gif 1.35
    Malwarebytes' Anti-Malware
    MarketResearch
    Memeo AutoBackup
    Memeo AutoSync
    Memories Disc Creator 2.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Encarta Encyclopedia Standard 2004
    Microsoft FrontPage 2000 SR-1
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 97, Professional Edition
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel Viewer 2003
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Word 2002
    Microsoft Works 2004 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    Mozilla Firefox (3.6.15)
    Mozilla Thunderbird (3.1.9)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    NewCopy_CDA
    NEXTEL Dashboard
    OCR Software by I.R.I.S 7.0
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0
    overland
    PanoStandAlone
    PC SpeedScan Pro
    PhotoGallery
    Picasa 3
    ProductContextNPI
    QuickBooks
    QuickBooks Pro 2008
    QuickBooks Pro 2009
    QuickTime
    RandMap
    Readme
    RealPlayer
    RegCure
    Samsung CLX-3170 Series
    Scan
    ScannerCopy
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Shockwave
    SkinsHP1
    SlideShow
    SmarThru 4
    SmarThru PC Fax
    SolutionCenter
    Sonic_PrimoSDK
    SoundMAX
    Status
    SUPERAntiSpyware Free Edition
    SupportSoft Assisted Service
    SWiSHmax
    TextPad 4.7
    Toolbox
    TrayApp
    Unity Web Player
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WD Diagnostics
    WebFldrs XP
    WebReg
    Win2PDF 3.40.1
    Win2PDF Font Helper 1.21 (GPL Ghostscript 8.62)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WMV to AVI MPEG VCD SVCD DVD Converter 1.3.2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/19/2011 9:30:44 AM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The system cannot find the path specified.
    3/19/2011 9:30:39 AM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (ddoctorv2) service terminated unexpectedly. It has done this 1 time(s).
    3/19/2011 9:30:39 AM, error: Service Control Manager [7034] - The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s).
    3/19/2011 9:30:39 AM, error: Service Control Manager [7034] - The ProtexisLicensing service terminated unexpectedly. It has done this 1 time(s).
    3/19/2011 9:30:39 AM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
    3/19/2011 9:30:39 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    3/19/2011 9:30:39 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    3/19/2011 9:30:39 AM, error: Service Control Manager [7034] - The APC UPS Service service terminated unexpectedly. It has done this 1 time(s).
    3/19/2011 9:30:39 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    3/18/2011 12:00:51 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447).
    3/16/2011 6:11:11 PM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
    .
    ==== End Of File ===========================
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I have a suggestion you might want to try. I see you are using C:\Program Files\Mozilla Firefox 3 Beta 4. According to Mozilla:
    This was released March 10, 2008 so it's way out of date. Not only was the final v3 released a long time ago, it has progressed through many updates and almost finished testing of v4.
    I suggest you update Firefox and let it update your extensions. Some may not be compatible with the current versions. You can find v3.6.15 HERE.

    Do NOT choose the Beta 4 version.
    Let me know how it goes when you have updated. I always advise you set a Restore Point first, before any download and always note on any download for pre-checked items. If there are any, uncheck them.
    =========================================
    Regarding antivirus programs: Both Avast, which you have, and Avira are free and good. If you feel you want to purchase an AV program, I recommend the Eset Nod32 AV. That's what I have and have been very pleased.

    I don't get 'suites' - that's my preference, but I do recommend that you add a firewall and at least 2 antimalware programs. Here are some suggestions - all free:

    Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
    Antispyware: I recommend all of the following:
    • Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
    • Download ZonedOut and save to your desktop. This manages the Zones in Internet Explorer. It puts over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
      (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7 yet.)
    • Replace the Host Files
      MVPS Hosts files: This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
    • Google Toolbar Get the free google toolbar to help stop pop up windows.
    • The Site Advisor Web of Trust (WOT) add-on is a . Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
    Your online email account – Google Mail, Yahoo! Mail and Hotmail is also protected.

    Edit: you have 2 antivirus programs running:
    AV: avast! Antivirus *Enabled/Updated
    AV: Lavasoft Ad-Watch Live! Anti-Virus
    Please uninstall one of these.
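
The HOSTS-file approach described in the post above blocks a site by mapping its name to 127.0.0.1; the same file can be audited, because an entry that maps a name to any other address sends the browser somewhere else. The Python sketch below is an added example, not part of the original post or of the MVPS project; the sample file, its hostnames and the 203.0.113.45 address are constructed.

```python
import ipaddress

# Constructed sample HOSTS content (not from the machine in this thread).
# 203.0.113.45 is an RFC 5737 documentation address; hostnames are examples.
SAMPLE_HOSTS = """\
# Constructed sample HOSTS file
127.0.0.1       localhost
127.0.0.1       ads.example.net      # blocklist-style entry
0.0.0.0         tracker.example.org
203.0.113.45    www.google.com search.example.com
not-an-ip       broken.example.com
::1             localhost
"""

# Names that normally point at the local machine in a clean HOSTS file.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each non-comment line."""
    text = text.lstrip("\ufeff")  # tolerate a UTF-8 byte-order mark
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], [h.lower() for h in fields[1:]]


def classify(address, hostname):
    """Return 'local', 'blocked', 'remapped' or 'malformed' for one mapping."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        # 127.0.0.1, ::1 or 0.0.0.0: the name resolves to this computer,
        # so a connection to the listed site goes nowhere.
        return "local" if hostname in LOCAL_NAMES else "blocked"
    # Any other address overrides DNS and points the name at another machine.
    return "remapped"


def audit_hosts(text):
    """Group every mapping in a HOSTS file by what it does to name lookups."""
    report = {"local": [], "blocked": [], "remapped": [], "malformed": []}
    for line_no, address, hostnames in parse_hosts(text):
        if not hostnames:
            # An address with no name after it maps nothing.
            report["malformed"].append((line_no, address, ""))
            continue
        for hostname in hostnames:
            kind = classify(address, hostname)
            report[kind].append((line_no, address, hostname))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked entries:", len(result["blocked"]))
    for line_no, address, hostname in result["remapped"]:
        print(f"line {line_no}: {hostname} is forced to {address} - review this entry")
    for line_no, address, hostname in result["malformed"]:
        print(f"line {line_no}: cannot parse address {address!r}")
```

On Windows the file to pass in is `%SystemRoot%\System32\drivers\etc\hosts`; after installing a blocklist, the "remapped" group should be empty unless you added such entries yourself.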
     
  8. demismom

    demismom TS Rookie Topic Starter Posts: 23

    Beta 4?

    The link you provided above for Firefox is the Version 3 Beta 4 version, when I click update in my help menu it says there are no updates available. When I went to mozilla.org and clicked on and downloaded 3.6.15 the download said it would download it in a folder and the folder name had Beta 4 in it. How do I NOT choose that when the only links I can find for Firefox are precisely that? That or I'm not comprehending what I'm reading correctly. Angela
     
  9. demismom

    demismom TS Rookie Topic Starter Posts: 23

    I'm already using 3.6.15

    I decided to take a look at my about Firefox on my help menu and it says Firefox v 3.6.15 already. Here's some other info it let me cut and paste:

    Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 GTB7.1 (.NET CLR 3.5.30729)

    Didn't know if any of that helped or not and I should still download from that link you provided even though it says it's the same version I already am using.

    Angela
     
  10. demismom

    demismom TS Rookie Topic Starter Posts: 23

    Firefox updated itself.

    When I uninstalled Ad-aware, as suggested, I noticed that my Firefox updated itself upon restart and while it says 3.6.15 still as my version, instead of 2010 for the copyright date it says 2011, so something happened. I did a quick search on the internet and I wasn't re-directed. I'm still working the other steps, but wanted to let you know that bit of info. Angela
     
  11. demismom

    demismom TS Rookie Topic Starter Posts: 23

    Super Antispyware

    I have Super Antispyware and Malwarebytes on my computer for antispyware software. Do you recommend I uninstall them and use your recommendations instead or a combo of the two?????

    I've installed ZoneAlarm as recommended as well. I already have the Google Toolbar installed as recommended.

    In addition, I ran some searches on Google that had previously been re-directed and it wasn't this evening - I'm very impressed with your help!

    Angela
     
  12. demismom

    demismom TS Rookie Topic Starter Posts: 23

    Guess I spoke too soon

    Just ran a search and got re-directed on Google. Interestingly enough, if I run a search and click on the cached version I don't usually get re-directed.
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I would appreciate it when you have 1 or 2 lines to add, change or question that you use the Edit feature instead of making a new reply each time. I get email feedback for each of those replies!
    Sometime before the end of December of 2010, you downloaded the Firefox 4 beta 4:
    Another poor soul with re-directed Internet Searches

    You were having the redirect problem then but did not reply to the instructions you were given and deserted the thread.

    About Firefox:
    The v3 Beta 4 was a test program for the upcoming v4. I left the comment about it only should be used by developers. The fact that you have this version installed somewhere on your system and the fact that you have C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe and the fact that you have these 4 plugins for that version is most likely the cause of your problem:
    I do note that the installed programs shows Mozilla Firefox (3.6.15)- But you need to uninstall the v3 beta 4 version and the 4 plugins for that version.
    ===================================================
    After you've done that, come back if you're still getting redirected.

    By the way, the link I left for Firefox opens the download for v3.6.15. I just rechecked the link- download box pops up right after you click on the link. Going to Help for the update or going to Mozilla.org wouldn't have been necessary.
     
  14. demismom

    demismom TS Rookie Topic Starter Posts: 23

    I hope I'm replying correctly this time.

    I'm very lost - the only reason I came back was because I couldn't remember where I posted the first time and lost the information for this site and I didn't seem to be having as many problems as I had been, so I figured whatever problems I was having were temporary.

    As for firefox, I just clicked to update it whenever it says there is an updated version, I had no idea I had one on my computer for developers. It doesn't say that anywhere on my screen, it doesn't look any different than my previous version to me, anyway. My about says I'm NOT using v3 beta 4, it says v 3.6.15, where do I find this v3 beta 4? It's not in the control panel under add/remove programs, nor is the uninstall listed on the All Programs Button on the Start Menu, just the link to the program itself. So, I'm not sure how to uninstall it. :(

    I just decided to try and see if I could find the uninstall program via my windows explorer and when I double clicked it or try to get to it through accessories I get a pop-up that says windows cannot access, blah blah blah. I'm going to try and re-boot my computer, hopefully it's something as simple as that.

    That didn't work, sooooooooo I went into Firefox 3 Beta 4 folder through my FTP program and found the uninstall and it uninstalled even 3.15, but not my bookmarks, etc. I thought it had and was really ticked off! :) But I still can't get my windows explorer to work, it says I don't have proper permissions or something. I do see it running on my task manager. Any idea how to fix that?
     
  15. demismom

    demismom TS Rookie Topic Starter Posts: 23

    I removed Firefox V3 Beta 4 and plugins, as directed, and I got redirected this morning. Did a Google Search for Auto repair Niles, MI and when I clicked on marshautorepair.com I got redirected to target.com. :( In addition, avast is finding lots of threats in files that I use often, like my bookkeeping program, quickbooks, and my email program Thunderbird.
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, you need to focus on just the malware-or possible malware problem and not divert the thread. In order to do that, it is necessary for you to follow my instructions:

    The beta Firefox entries have now been handled. Since you are still getting redirected, please do the following:
    1. Run this Security Check

    Download Security Check by screen317 from HERE or HERE .
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    =====================================
    2. Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    =======================================
    3. Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ===========================================
    Please do not attempt to install, uninstall, update unless I direct you to do so.
     
  17. demismom

    demismom TS Rookie Topic Starter Posts: 23

    checkup.txt:

    Results of screen317's Security Check version 0.99.10
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    avast! Free Antivirus
    ZoneAlarm
    ZoneAlarm Toolbar
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Out of date HijackThis installed!
    Malwarebytes' Anti-Malware
    HijackThis 1.99.1
    Java(TM) 6 Update 18
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 7.1.0
    Adobe Reader 7.0.5 Language Support
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.16) Firefox Out of Date!
    Mozilla Thunderbird (3.1.9)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Desktop Alert liveonline_3836970.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    Zone Labs ZoneAlarm zlclient.exe
    ``````````End of Log````````````


    As for the next program, ESET, it will not run - it says "cannot get update", is proxy configured when it tries to get the signature database. I wasn't sure if I should continue to the next item without doing the ESET, so I await your response. Angela
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, for the security:

    Uninstall:
    HijackThis 1.99.1
    Java(TM) 6 Update 18
    Adobe Reader 7.1.0
    Adobe Reader 7.0.5 Language Support

    Update:
    Java : Check this site Java Updates
    Adobe Reader: Visit this Adobe Reader
    Mozilla Firefox (3.6.16)> I think this is up to v3.6.19 if you want to keep v3.6.

    Please go ahead and run Combofix. I should be able to see the proxy stopping the Eset scan and can shut it down.
     
  19. demismom

    demismom TS Rookie Topic Starter Posts: 23

    I know you asked me not to start new replies, but I've done everything you've asked in your latest post and for the past 30 minutes combofix has been on the same screen: "Preparing Log Report. Do not run any programs until ComboFix has finished." How long will this screen stay on before the log pops up or is it stalled? I did not touch it as told not to. I'm using my laptop to post this reply. If it is stuck, do I restart it or what should I do???? Angela

    Well, the Preparing Log Report window is still up, with no report in sight. I'm tired and going to bed.

    Okay, it's 7 hours later and the same combofix screen is still on my computer. What should I do?

    Well, I finally got my computer to boot so that I could see if I could find the combofix.txt file and I did. Not sure if it's complete or not, but here it is:

    ComboFix 11-03-26.01 - Administrator 03/26/2011 21:26:39.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.827 [GMT -4:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
    FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please remove one of these firewalls:

    FW: Trend Micro Personal Firewall
    FW: ZoneAlarm Firewall


    You may actually have the program 'firewalled out'!
     
  21. demismom

    demismom TS Rookie Topic Starter Posts: 23

    I'm not sure what I should do

    It looks like the Trend Micro Firewall is coming from some program that Comcast Cable installed on my computer for the internet, so I'm nervous about touching that, so I turned off the Zone Alarm and it said I had NO Firewall installed. If that's the case, then do you have any idea how to check the Trend Micro settings? I can't find the program itself, just a folder, but no .exe file to click on to bring up its home screen. :( Not sure what to do, could use some advice. Thanx!
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please check with Comcast to find out what security they are providing. You should end up with one antivirus program and one firewall. Okay to have multiple spyware/adware programs.

    You can disable ZoneAlarm for now and check with Comcast later. I need you to try to run Combofix:

    NOTE: If, for some reason, Combofix refuses to run, try one of the following:
    1. Run Combofix from Safe Mode.
    2. Delete Combofix file, download fresh one, but rename combofix.exe to demismom.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    3. Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.pif
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following>>>>.

    4. Please download exeHelper by Raktor and save it to your desktop.
    • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file called exehelperlog.txt will be created and should open at the end of the scan.
    • A copy of that log will also be saved in the directory where you ran exeHelper.com
    • Copy and paste the contents of exehelperlog.txt in your next reply.

    Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

    Rkill instructions
    *************************************
    Once you've gotten one of them to run, immediately run

    demismom.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.
     
  23. demismom

    demismom TS Rookie Topic Starter Posts: 23

    How long do I give combo fix to run? It's been an hour and it says it's preparing log file or something like that. Just wondering if I should stop it and do the next step as instructed.
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    What have you done so far? Tried Safe Mode?
     
  25. demismom

    demismom TS Rookie Topic Starter Posts: 23

    Sorry it took so long

    It took a long time, but I finally got a log out of combofix on the first try, I just decided to let it run all night, if need be. Here is the log:

    ComboFix 11-03-29.06 - Administrator 03/30/2011 16:54:04.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.960 [GMT -4:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
    FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\documents and settings\Administrator\Application Data\Adobe\AdobeUpdate .exe
    c:\documents and settings\Administrator\Local Settings\Application Data\{BAF1E2C3-B3DD-4541-B245-F6984D5DBC9C}\chrome.manifest
    c:\documents and settings\Administrator\Local Settings\Application Data\{BAF1E2C3-B3DD-4541-B245-F6984D5DBC9C}\chrome\content\_cfg.js
    c:\documents and settings\Administrator\Local Settings\Application Data\{BAF1E2C3-B3DD-4541-B245-F6984D5DBC9C}\chrome\content\overlay.xul
    c:\documents and settings\Administrator\Local Settings\Application Data\{BAF1E2C3-B3DD-4541-B245-F6984D5DBC9C}\install.rdf
    c:\documents and settings\Administrator\My Documents\DPE.DUS
    c:\documents and settings\Administrator\Recent\Thumbs.db
    c:\windows\http
    c:\windows\inf\im1100.vbs
    c:\windows\system32\bszip.dll
    c:\windows\system32\skinboxer43.dll
    c:\windows\system32\Thumbs.db
    G:\autorun.inf
    .
    -- Previous Run --
    .
    Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
    .
    Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
    .
    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe
    .
    --------
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-30 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-29 22:26 . 2011-03-29 22:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PSU
    2011-03-27 01:07 . 2011-03-27 01:07 -------- d-----w- c:\program files\Common Files\Java
    2011-03-27 01:07 . 2011-03-27 01:06 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-03-27 01:07 . 2011-03-27 01:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-03-27 01:07 . 2011-03-27 01:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-22 01:52 . 2011-03-22 01:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\CheckPoint
    2011-03-22 01:51 . 2011-03-24 22:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
    2011-03-22 01:51 . 2011-03-22 01:51 -------- d-----w- c:\program files\Conduit
    2011-03-22 01:51 . 2011-03-24 22:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ZoneAlarm_Security
    2011-03-22 01:51 . 2011-03-22 01:51 -------- d-----w- c:\program files\ZoneAlarm_Security
    2011-03-22 01:50 . 2011-03-22 01:50 -------- d-----w- c:\program files\CheckPoint
    2011-03-22 01:49 . 2011-02-18 21:28 69120 ----a-w- c:\windows\system32\zlcomm.dll
    2011-03-22 01:49 . 2011-02-18 21:28 104448 ----a-w- c:\windows\system32\zlcommdb.dll
    2011-03-22 01:49 . 2011-03-22 01:52 -------- d-----w- c:\windows\system32\ZoneLabs
    2011-03-22 01:49 . 2011-02-18 21:28 1238528 ----a-w- c:\windows\system32\zpeng25.dll
    2011-03-22 01:49 . 2011-03-22 01:49 -------- d-----w- c:\program files\Zone Labs
    2011-03-22 01:48 . 2011-03-30 20:43 -------- d-----w- c:\windows\Internet Logs
    2011-03-18 20:41 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-03-18 20:41 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-03-18 20:41 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-03-18 20:41 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-03-18 20:41 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-03-18 20:41 . 2011-02-23 13:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-03-18 20:41 . 2011-02-23 13:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-03-18 20:41 . 2011-02-23 13:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-03-18 20:41 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
    2011-03-18 20:41 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
    2011-03-18 20:40 . 2011-03-18 20:40 -------- d-----w- c:\program files\AVAST Software
    2011-03-18 20:40 . 2011-03-18 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-03-02 22:20 . 2011-03-02 22:20 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-03-02 22:16 . 2011-03-02 22:16 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sunbelt Software
    2011-03-02 22:14 . 2011-03-22 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2011-03-02 11:29 . 2011-03-02 11:30 -------- dc-h--w- c:\windows\ie8
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-12 14:17 . 2010-09-30 22:31 398760 ----a-r- c:\windows\system32\cpnprt2.cid
    2011-02-14 11:38 . 2011-02-14 11:38 61440 ----a-w- c:\windows\uninstall.exe
    2011-02-09 13:53 . 2003-07-16 16:37 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2003-07-16 16:22 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58 . 2005-10-05 11:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-28 10:59 . 2005-10-05 15:35 61440 ----a-w- c:\windows\wnUninstall.exe
    2011-01-27 11:57 . 2005-10-05 11:35 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2003-07-16 16:38 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2003-07-16 16:18 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2003-07-16 16:45 1854976 ----a-w- c:\windows\system32\win32k.sys
    2011-03-27 00:58 . 2011-03-27 00:58 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
    .
    [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
    2010-12-01 15:27 2735200 ----a-w- c:\program files\ZoneAlarm_Security\tbZone.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
    .
    [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]
    .
    [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-24 2423752]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
    "ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
    "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-27 552960]
    "3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-01-30 503808]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-26 19968]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-02-18 1043968]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 738808]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Desktop Alert.lnk - c:\program files\Desktop Alert\liveonline_3836970.exe [2011-2-14 458752]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-3-13 221247]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-10-21 10:11 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service"=3 (0x3)
    "Apple Mobile Device"=2 (0x2)
    "AOL TopSpeedMonitor"=2 (0x2)
    "AOL ACS"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\WS_FTP Pro\\wsftpgui.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Documents and Settings\\Administrator\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
    "c:\\WINDOWS\\twain_32\\Samsung\\ScanMgr.exe"=
    "c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Scan2Pc.exe"=
    "c:\\WINDOWS\\twain_32\\Samsung\\CLX3170\\Sscan2io.exe"=
    "c:\\Estimiser Pro\\Estimiser Pro.EXE"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/18/2011 4:41 PM 371544]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/18/2011 4:41 PM 301528]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 1:53 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/18/2011 4:41 PM 19544]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2/15/2011 11:25 AM 26872]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 12872]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-29 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
    .
    2011-03-18 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
    mWindow Title = Windows Internet Explorer provided by Comcast
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
    IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
    IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
    IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r0wcz5ai.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
    FF - prefs.js: browser.startup.homepage - www.igoogle.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&q=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
    AddRemove-Motorola USB Modem Installation - c:\program files\Motorola Inc.\Motorola USB Modem Installation\Uninst.isu
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-30 17:14
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1454471165-1592454029-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bf,56,83,c4,d9,55,a2,42,b3,0d,83,\
    "3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bf,56,83,c4,d9,55,a2,42,b3,0d,83,\
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2b,43,a3,21,80,85,90,43,a3,aa,f4,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2b,43,a3,21,80,85,90,43,a3,aa,f4,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A1146105-B145-D547-791CC80E83BF21B6}\{DC78455E-4161-0768-1856DB98A0FFD8AF}\{619B65F9-9B50-CD99-3F29A63495E25D6C}*]
    "NRDFOBLVNAUE2QOGEQXAH1Y2DD1"=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
    de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(724)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    .
    - - - - - - - > 'lsass.exe'(780)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    - - - - - - - > 'explorer.exe'(3308)
    c:\windows\system32\WININET.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\program files\Logitech\MouseWare\System\LgWndHk.dll
    c:\windows\system32\ieframe.dll
    c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    .
    Completion time: 2011-03-30 18:57:51
    ComboFix-quarantined-files.txt 2011-03-30 22:57
    .
    Pre-Run: 3,200,679,936 bytes free
    Post-Run: 3,151,106,048 bytes free
    .
    - - End Of File - - 561E31B95EF4EC33AF00B8E6D1751FE9
     
Topic Status:
Not open for further replies.
