Inactive My other computer has Google redirect problem too


bearone100

I have posted the logs for my desktop that has Google redirect problems; now here are the logs for my netbook with the same problem.
 

Attachments

  • Attach.txt (10.5 KB)
  • DDS.txt (18.5 KB)
  • gmer.log (1.7 KB)
  • mbam-log-2010-08-16 (11-37-35).txt (1.3 KB)
Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

=====================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000004

Kernel Drivers (total 116):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7A88000 \WINDOWS\system32\KDCOM.DLL
0xF7998000 \WINDOWS\system32\BOOTVID.dll
0xF7588000 klbg.sys
0xF7459000 ACPI.sys
0xF7A8A000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7448000 pci.sys
0xF7598000 isapnp.sys
0xF799C000 compbatt.sys
0xF79A0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7808000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF75A8000 MountMgr.sys
0xF7429000 ftdisk.sys
0xF79A4000 ACPIEC.sys
0xF7B51000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7810000 PartMgr.sys
0xF75B8000 VolSnap.sys
0xF734F000 iaStor.sys
0xF75C8000 disk.sys
0xF75D8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF732F000 fltMgr.sys
0xF7317000 syscow32x.sys
0xF75E8000 PxHelp20.sys
0xF7300000 KSecDD.sys
0xF7273000 Ntfs.sys
0xF7246000 NDIS.sys
0xF7818000 SaibIa32.sys
0xF75F8000 SahdIa32.sys
0xF722C000 Mup.sys
0xF76C8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF5FE7000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF5FD3000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF5FAB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF5E00000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF7900000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF5DDC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7908000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF76D8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7910000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF5DAB000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7AC4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF76E8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF5D2F000 \SystemRoot\System32\Drivers\wdf01000.sys
0xF76F8000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0xF7918000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF71E8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF71E4000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF7708000 \SystemRoot\system32\DRIVERS\klim5.sys
0xF7BB9000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7718000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7180000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5D18000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7728000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7738000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7920000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF5D07000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7748000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7928000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7930000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7758000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7AC6000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5CE4000 \SystemRoot\system32\DRIVERS\ks.sys
0xF5C86000 \SystemRoot\system32\DRIVERS\update.sys
0xF716C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF657D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA948F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xA790F000 \SystemRoot\system32\drivers\sthda.sys
0xA78EB000 \SystemRoot\system32\drivers\portcls.sys
0xA947F000 \SystemRoot\system32\drivers\drmk.sys
0xA78CF000 \SystemRoot\system32\drivers\AESTAud.sys
0xAA191000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA787E000 \SystemRoot\system32\DRIVERS\klif.sys
0xA76A8000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0xA945F000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xA8313000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0xF7B30000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xA7CF4000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B32000 \SystemRoot\System32\Drivers\Beep.SYS
0xA7C7C000 \SystemRoot\System32\drivers\vga.sys
0xF7B34000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B36000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA7C6C000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA7C64000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA7CE5000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA7168000 \??\C:\WINDOWS\system32\drivers\kl1.sys
0xA7155000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA70FC000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA70D4000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA70AE000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA708C000 \SystemRoot\System32\drivers\afd.sys
0xA897B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA896B000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA895B000 \SystemRoot\System32\Drivers\SaibVd32.sys
0xA6F85000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA6EED000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA7B1B000 \SystemRoot\System32\Drivers\Fips.SYS
0xA2B91000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xA2EF7000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7840000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xA654D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF6D7A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA2ADC000 \SystemRoot\system32\drivers\wdmaud.sys
0xA3061000 \SystemRoot\system32\drivers\sysaudio.sys
0xA2A61000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA2870000 \SystemRoot\system32\DRIVERS\srv.sys
0xA2497000 \SystemRoot\System32\Drivers\HTTP.sys
0xA164B000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 44):
0 System Idle Process
4 System
932 C:\WINDOWS\system32\smss.exe
980 csrss.exe
1004 C:\WINDOWS\system32\winlogon.exe
1056 C:\WINDOWS\system32\services.exe
1068 C:\WINDOWS\system32\lsass.exe
1236 C:\WINDOWS\system32\svchost.exe
1344 svchost.exe
1420 C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
1444 C:\WINDOWS\system32\svchost.exe
1592 svchost.exe
1668 svchost.exe
1996 C:\WINDOWS\system32\spoolsv.exe
2044 C:\Program Files\IDT\WDM\stacsv.exe
336 svchost.exe
924 C:\WINDOWS\explorer.exe
640 C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
672 C:\Program Files\Java\jre6\bin\jqs.exe
740 C:\WINDOWS\system32\svchost.exe
1640 C:\WINDOWS\system32\igfxtray.exe
1688 C:\WINDOWS\system32\hkcmd.exe
1724 C:\WINDOWS\system32\igfxpers.exe
1760 C:\Program Files\HP\HPBTWD.exe
1352 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1428 C:\Program Files\IDT\WDM\sttray.exe
1788 C:\WINDOWS\system32\AESTFltr.exe
1796 C:\WINDOWS\system32\igfxsrvc.exe
1860 C:\Program Files\Java\jre6\bin\jusched.exe
1868 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
1636 C:\WINDOWS\system32\ctfmon.exe
180 C:\Program Files\uTorrent\uTorrent.exe
428 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
724 C:\WINDOWS\system32\wuauclt.exe
2472 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
2956 wmiprvse.exe
2972 alg.exe
3680 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
3912 C:\WINDOWS\system32\svchost.exe
3004 C:\Program Files\Mozilla Firefox\firefox.exe
3328 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
1472 C:\Program Files\Mozilla Firefox\plugin-container.exe
3532 C:\WINDOWS\system32\rundll32.exe
2892 C:\Documents and Settings\Darren\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM160HI, Rev: HH100-15

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
 
ComboFix 10-08-17.01 - Darren 08/17/2010 14:38:37.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.631 [GMT -4:00]
Running from: c:\documents and settings\Darren\My Documents\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Darren\Local Settings\Application Data\{F8241C81-C34C-47ED-A1B1-86E8140914D6}
c:\documents and settings\Darren\Local Settings\Application Data\{F8241C81-C34C-47ED-A1B1-86E8140914D6}\chrome.manifest
c:\documents and settings\Darren\Local Settings\Application Data\{F8241C81-C34C-47ED-A1B1-86E8140914D6}\chrome\content\_cfg.js
c:\documents and settings\Darren\Local Settings\Application Data\{F8241C81-C34C-47ED-A1B1-86E8140914D6}\chrome\content\overlay.xul
c:\documents and settings\Darren\Local Settings\Application Data\{F8241C81-C34C-47ED-A1B1-86E8140914D6}\install.rdf

.
((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
.

2010-08-16 15:18 . 2010-08-16 15:18 -------- d-----w- c:\documents and settings\Darren\Application Data\Malwarebytes
2010-08-16 15:18 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-16 15:18 . 2010-08-16 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-16 15:18 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 15:18 . 2010-08-16 15:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-13 21:22 . 2010-06-21 15:27 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-13 21:22 . 2010-06-21 15:27 354304 ----a-w- c:\windows\system32\dllcache\srv.sys
2010-08-13 21:21 . 2010-04-27 13:59 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-13 21:21 . 2010-04-27 13:59 2146304 ----a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-08-13 21:21 . 2010-04-28 02:25 2189952 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-08-13 21:21 . 2010-04-27 13:05 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-13 21:21 . 2010-04-27 13:05 2024448 ----a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-08-13 21:21 . 2010-04-27 13:05 2066816 ----a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-08-12 04:02 . 2010-06-18 13:36 3558912 ----a-w- c:\windows\system32\dllcache\moviemk.exe
2010-08-08 16:43 . 2010-08-08 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-08 16:43 . 2010-08-08 16:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-28 00:44 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-27 06:30 . 2010-07-27 06:30 8462336 ----a-w- c:\windows\system32\dllcache\shell32.dll
2010-07-26 19:50 . 2010-07-30 14:55 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-07-26 19:50 . 2010-07-30 14:55 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-26 19:49 . 2010-08-17 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-07-26 19:49 . 2010-07-26 19:49 -------- d-----w- c:\program files\Kaspersky Lab
2010-07-26 19:47 . 2010-07-26 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-07-26 16:49 . 2010-07-26 18:00 -------- d-----w- c:\program files\Enigma Software Group
2010-07-26 16:49 . 2010-07-26 16:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-23 14:45 . 2010-07-23 14:45 -------- d--h--w- c:\windows\PIF
2010-07-20 19:15 . 2010-07-20 15:45 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-20 15:23 . 2010-07-20 15:23 -------- d-----w- c:\documents and settings\Darren\Local Settings\Application Data\Sunbelt Software
2010-07-20 15:16 . 2010-07-26 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 18:48 . 2010-05-26 13:36 -------- d-----w- c:\documents and settings\Darren\Application Data\uTorrent
2010-08-16 22:06 . 2010-06-01 19:17 -------- d-----w- c:\documents and settings\Darren\Application Data\vlc
2010-08-14 18:05 . 2010-05-26 04:57 -------- d-----w- c:\program files\Microsoft Works
2010-08-13 21:22 . 2010-05-26 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-26 21:41 . 2008-04-15 12:00 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-07-20 15:12 . 2010-06-02 18:35 148 ----a-w- c:\documents and settings\Darren\Application Data\wklnhst.dat
2010-06-30 12:31 . 2010-06-30 12:31 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2010-08-12 04:06 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 18:17 . 2010-06-23 18:17 -------- d-----w- c:\program files\AVG
2010-06-23 13:44 . 2010-06-23 13:44 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03 . 2010-06-17 14:03 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-07-28 00:44 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2010-06-14 07:41 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-06 16:22 . 2010-05-26 05:09 40576 ----a-w- c:\documents and settings\Darren\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-26 13:33 . 2010-05-26 13:33 0 -c--a-w- c:\windows\nsreg.dat
2010-05-26 05:08 . 2010-05-26 05:08 259584 ----a-w- c:\windows\system32\bcdedit.exe
2010-05-26 05:07 . 2010-05-26 05:07 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-05-26 05:07 . 2009-06-02 00:57 1746432 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-31 322352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"HP BTW Detect Program"="c:\program files\HP\HPBTWD.exe" [2009-03-30 319488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-29 458844]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-06 737280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 148888]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP]
2009-07-14 10:54 589104 ----a-w- c:\program files\Hewlett-Packard\HP QuickSync\QuickSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-05-31 23:42 322352 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Hewlett-Packard\\HP QuickSync\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [8/11/2009 9:51 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [8/11/2009 9:51 PM 15856]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [7/2/2009 2:10 AM 103792]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [8/11/2009 9:51 PM 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 10:05 PM 457200]
R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [7/9/2009 7:08 AM 199152]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [8/11/2009 9:37 PM 113664]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1c51x86.sys --> c:\windows\system32\DRIVERS\l1c51x86.sys [?]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [8/11/2009 9:35 PM 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-08-17 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2009-07-09 11:09]

2010-08-17 c:\windows\Tasks\USER_FEED_SYNCHRONIZATION-{63A60B05-A1C1-4DB5-B4E4-4B8EA50E06C9}.JOB
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
FF - ProfilePath - c:\documents and settings\Darren\Application Data\Mozilla\Firefox\Profiles\ij5igcd4.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-17 14:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4004)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\idt\wdm\STacSV.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
.
**************************************************************************
.
Completion time: 2010-08-17 14:51:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-17 18:51

Pre-Run: 116,568,952,832 bytes free
Post-Run: 116,486,119,424 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut

- - End Of File - - BFECB752250226CAC945A3541DE36ABD
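One way to automate the checks a helper does by eye on the "Reg Loading Points" and "ORPHANS REMOVED" sections of a ComboFix log like the one above: autostart entries launched from user-writable folders, the Windows Firewall profile state, Security Center monitoring overrides, and orphaned entries. This is an added example, not part of the thread and not ComboFix's own code; the sample log is a constructed, trimmed copy of the posted format with one made-up "Updater" autostart entry so the heuristic has something to flag.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in the layout of the ComboFix log posted above.  The
# "Updater" entry is invented for the demo and is NOT from the real log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-31 322352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"Updater"="c:\documents and settings\user\Local Settings\Temp\upd.exe" [2010-08-01 44032]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
.
Contents of the 'Scheduled Tasks' folder

- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
"""

SECTION_START = "Reg Loading Points"
SECTION_END = "Contents of the 'Scheduled Tasks' folder"

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# "Name"="path" [YYYY-MM-DD size]   (the Run-key line format ComboFix emits)
RUN_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]\s*$')
# "Name"=value   (firewall / Security Center lines; value may be "0 (0x0)" or "dword:...")
SETTING_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>\S+)')

# Folders any user can write to.  Legitimate autostarts rarely live here;
# droppers very often do, so such entries deserve a second look.
USER_WRITABLE = ("\\local settings\\temp\\", "\\temp\\", "\\application data\\", "\\my documents\\")


@dataclass
class AutoStart:
    key: str
    name: str
    path: str
    date: str
    size: int


def reg_loading_points(log: str) -> str:
    """Return just the Reg Loading Points section ('' if the log has none)."""
    start = log.find(SECTION_START)
    if start < 0:
        return ""
    end = log.find(SECTION_END, start)
    return log[start:end if end > 0 else len(log)]


def parse_autostarts(section: str) -> List[AutoStart]:
    """Collect the value lines under every ...\\Run key."""
    items, key = [], None
    for line in section.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = RUN_VALUE_RE.match(line)
        if m and key and key.lower().endswith("\\run"):
            items.append(AutoStart(key, m["name"], m["path"], m["date"], int(m["size"])))
    return items


def parse_settings(section: str) -> List[Tuple[str, str, str]]:
    """(key, value name, raw value) for the non-Run keys (firewall, Security Center)."""
    out, key = [], None
    for line in section.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = SETTING_RE.match(line)
        if m and key and not key.lower().endswith("\\run"):
            out.append((key, m["name"], m["value"]))
    return out


def review(log: str) -> List[str]:
    """Findings a helper would raise from the log; empty list means nothing notable."""
    section = reg_loading_points(log)
    findings = []
    for a in parse_autostarts(section):
        if any(d in a.path.lower() for d in USER_WRITABLE):
            findings.append(f"autostart '{a.name}' runs from a user-writable folder: {a.path}")
    for key, name, value in parse_settings(section):
        if name.lower() == "enablefirewall" and value.startswith("0"):
            findings.append("Windows Firewall (standard profile) is off; acceptable only if a "
                            "third-party firewall has replaced it")
        if name.lower() == "disablemonitoring" and value.split(":")[-1].lstrip("0") == "1":
            findings.append(f"Security Center monitoring disabled for {key.rsplit(chr(92), 1)[-1]}")
    orphans = re.findall(r"^(\S+) - \(no file\)$", log, re.M)
    if orphans:
        findings.append(f"{len(orphans)} orphaned entries pointed at missing files (removed by ComboFix)")
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print("-", f)
```

Run against the full log posted above, the same function reports the firewall-off and Kaspersky monitoring settings and the three orphans, with no autostart from a user-writable folder.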
 
How is redirection?

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

=======================================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL Extras logfile created on: 8/17/2010 6:26:13 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Darren\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 611.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 108.48 Gb Free Space | 72.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC115526378102
Current User Name: Darren
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0517F875-BBB2-4812-A63E-733B33CEF215}" = Roxio Instant Restore
"{10385C4F-A6B2-4913-975D-6828928222EC}" = HP User Guides 0165
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2B682751-E749-441C-A4B3-1F538E26E56E}" = Roxio Instant Restore Recovery Disk
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32F9BACF-FCD3-4B6A-AD85-255A449B6FA5}" = Roxio BackOnTrack
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam-50
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87A83C6F-F53C-448A-B078-FF00E3EAEB29}" = Roxio Disaster Recovery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EEA95E6C-6847-49BE-83C9-ED92D8E18983}" = HP QuickSync
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/2/2010 9:33:35 PM | Computer Name = PC115526378102 | Source = RstMgr | ID = 0
Description =

Error - 8/4/2010 9:21:31 AM | Computer Name = PC115526378102 | Source = RstMgr | ID = 0
Description =

Error - 8/4/2010 9:21:31 AM | Computer Name = PC115526378102 | Source = RstMgr | ID = 0
Description =

Error - 8/4/2010 9:33:38 AM | Computer Name = PC115526378102 | Source = Application Error | ID = 1000
Description = Faulting application gooredfix.exe, version 2.0.0.687, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000101b3.

Error - 8/4/2010 9:38:23 AM | Computer Name = PC115526378102 | Source = RstMgr | ID = 0
Description =

Error - 8/4/2010 9:38:23 AM | Computer Name = PC115526378102 | Source = RstMgr | ID = 0
Description =

Error - 8/4/2010 9:50:31 AM | Computer Name = PC115526378102 | Source = RstMgr | ID = 0
Description =

Error - 8/4/2010 9:50:31 AM | Computer Name = PC115526378102 | Source = RstMgr | ID = 0
Description =

Error - 8/4/2010 9:53:19 AM | Computer Name = PC115526378102 | Source = Application Error | ID = 1000
Description = Faulting application gooredfix.exe, version 2.0.0.687, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000101b3.

Error - 8/16/2010 11:10:50 AM | Computer Name = PC115526378102 | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

[ System Events ]
Error - 8/17/2010 2:28:51 PM | Computer Name = PC115526378102 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 8/17/2010 2:28:54 PM | Computer Name = PC115526378102 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AliIde IntelIde PCIIde ViaIde

Error - 8/17/2010 2:48:59 PM | Computer Name = PC115526378102 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the BOTService service.

Error - 8/17/2010 2:49:03 PM | Computer Name = PC115526378102 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AliIde IntelIde PCIIde ViaIde

Error - 8/17/2010 2:49:34 PM | Computer Name = PC115526378102 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the BOTService service.

Error - 8/17/2010 5:57:47 PM | Computer Name = PC115526378102 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the BOTService service.

Error - 8/17/2010 5:57:49 PM | Computer Name = PC115526378102 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AliIde IntelIde PCIIde ViaIde

Error - 8/17/2010 6:20:08 PM | Computer Name = PC115526378102 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the BOTService service.

Error - 8/17/2010 6:20:10 PM | Computer Name = PC115526378102 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AliIde IntelIde PCIIde ViaIde

Error - 8/17/2010 6:20:41 PM | Computer Name = PC115526378102 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the BOTService service.


< End of report >
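An added example, not part of this thread or of the OTL tool: it parses the "Security Center Settings" section of the log above and flags the entries a responder would want a second look at, such as the KasperskyAntiVirus key with DisableMonitoring = 1 and the StandardProfile with EnableFirewall = 0. The sample input is constructed from this post's log.

```python
# Added example (not from the thread or from the OTL tool): parse the
# "Security Center Settings" section of an OTL log and flag values that
# weaken protection (disabled firewall profile, vendor monitoring switched
# off, Security Center override flags). SAMPLE_LOG is constructed from the log above.
import re

SAMPLE_LOG = """\
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring\\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')


def parse_security_center(text: str) -> dict[str, dict[str, str]]:
    """Map each [key] header in the Security Center section to its name/value pairs."""
    keys: dict[str, dict[str, str]] = {}
    current = None
    in_section = False
    for line in text.splitlines():
        if line.startswith("=========="):      # OTL section banner
            if in_section:
                break                          # next section reached, stop
            in_section = "Security Center Settings" in line
            continue
        if not in_section:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:          # also handles the bare '"" =' line
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def audit_security_center(text: str) -> list[str]:
    """Return one finding per weakened setting; an empty list means nothing was flagged."""
    findings: list[str] = []
    for key, values in parse_security_center(text).items():
        leaf = key.rsplit("\\", 1)[-1]
        if "\\Security Center\\Monitoring\\" in key and values.get("DisableMonitoring") == "1":
            findings.append(f"{leaf}: Security Center monitoring disabled for this product")
        if "\\FirewallPolicy\\" in key and values.get("EnableFirewall") == "0":
            findings.append(f"{leaf}: Windows Firewall profile is disabled")
        if key.endswith("\\Security Center"):
            for name in ("AntiVirusOverride", "FirewallOverride"):
                if values.get(name) == "1":
                    findings.append(f"Security Center: {name} suppresses status alerts")
    return findings


if __name__ == "__main__":
    for finding in audit_security_center(SAMPLE_LOG):
        print(finding)
```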



SRV - [2009/06/29 16:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2009/06/02 22:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
 
I haven't been able to try it because I had to do a restore on the desktop and it's taking all my time. It looks like the redirect might be gone, but I will know better when I have more time to look.
 
Yes, my desktop wouldn't do anything, so I had to do a restore with the CD to get it working again. Now I'm going through the 8 steps on the desktop again.
 
Because of the problems I had with both computers (the desktop is fixed, thank you very much) I have started over with the netbook. I am rescanning and reposting from the start.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4449

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/19/2010 3:54:44 PM
mbam-log-2010-08-19 (15-54-44).txt

Scan type: Quick scan
Objects scanned: 125708
Time elapsed: 9 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
How is the redirection?

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Good :)

Combofix log is clean....

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

=====================================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
What happened to Kaspersky?
I don't see it running.

=========================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    [2010/06/23 14:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" =-
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • IMPORTANT! UN-check Remove found threats
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Push Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 