PC infected with search redirect virus, please help!

Resolved
By tmort23
May 10, 2010
  1. Hi there, I'm new to TechSpot, and I have a serious virus problem. For the past month, my computer has been infected with the search redirect virus, and I can't get rid of it. My own antivirus can't even find it on the search (I have ZoneAlarm). My virus protection is about to run out in less than a week, so I need this thing gone. I'm kind of a noobie at this stuff, so I'm sorry if I ask a lot of questions. I followed the 8-step virus prelim removal thread, but could not (and still can't) download the MalwareBytes Anti Malware program. It claims the page cannot be displayed. Apart from that, everything else worked well. OK, not sure why, but it won't let me attach anything. I click Manage attachments, but it won't do anything. So I am just going to copy and paste them all.

    Please help me TechSpot! I'll do my best to respond quickly.

    Thanks in advance,

    Tanner

    Here's the ATTACH.txt-

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/28/2004 3:43:00 PM
    System Uptime: 5/9/2010 1:52:18 PM (2 hours ago)

    Motherboard: Dell Computer Corp. | | 0F5949
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2790/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 71 GiB total, 23.649 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1283: 2/9/2010 7:27:56 PM - System Checkpoint
    RP1284: 2/9/2010 11:18:29 PM - Software Distribution Service 3.0
    RP1285: 2/11/2010 7:30:07 PM - System Checkpoint
    RP1286: 2/17/2010 3:11:57 AM - System Checkpoint
    RP1287: 2/18/2010 2:17:25 PM - System Checkpoint
    RP1288: 2/19/2010 3:32:04 PM - System Checkpoint
    RP1289: 2/20/2010 10:58:59 PM - System Checkpoint
    RP1290: 2/21/2010 11:12:41 PM - System Checkpoint
    RP1291: 2/26/2010 9:52:34 PM - System Checkpoint
    RP1292: 2/28/2010 12:09:28 AM - System Checkpoint
    RP1293: 3/1/2010 1:21:40 AM - System Checkpoint
    RP1294: 3/2/2010 2:23:46 AM - System Checkpoint
    RP1295: 3/3/2010 2:44:55 AM - System Checkpoint
    RP1296: 3/4/2010 3:28:46 AM - System Checkpoint
    RP1297: 3/5/2010 5:36:03 AM - System Checkpoint
    RP1298: 3/15/2010 4:21:41 PM - System Checkpoint
    RP1299: 3/16/2010 4:59:42 PM - System Checkpoint
    RP1300: 3/17/2010 5:25:10 PM - System Checkpoint
    RP1301: 3/18/2010 8:45:03 PM - System Checkpoint
    RP1302: 3/19/2010 8:50:08 PM - System Checkpoint
    RP1303: 3/20/2010 9:19:54 PM - System Checkpoint
    RP1304: 3/21/2010 10:17:48 PM - System Checkpoint
    RP1305: 3/22/2010 10:25:12 PM - System Checkpoint
    RP1306: 3/24/2010 2:03:35 PM - System Checkpoint
    RP1307: 3/24/2010 9:54:38 PM - Installed Connect Service
    RP1308: 3/25/2010 10:35:36 PM - System Checkpoint
    RP1309: 3/27/2010 7:28:32 PM - System Checkpoint
    RP1310: 3/28/2010 8:02:14 PM - System Checkpoint
    RP1311: 3/30/2010 2:56:48 PM - System Checkpoint
    RP1312: 3/31/2010 3:26:48 PM - System Checkpoint
    RP1313: 4/1/2010 4:13:08 PM - System Checkpoint
    RP1314: 4/3/2010 11:47:32 AM - System Checkpoint
    RP1315: 4/4/2010 11:42:13 AM - Removed Google SketchUp 6
    RP1316: 4/4/2010 11:42:31 AM - Removed Google SketchUp 6
    RP1317: 4/4/2010 11:44:05 AM - Removed MobileMe Control Panel
    RP1318: 4/4/2010 11:45:17 AM - Removed Jasc Paint Shop Pro 8 Dell Edition
    RP1319: 4/5/2010 1:09:18 PM - System Checkpoint
    RP1320: 4/6/2010 5:49:55 PM - System Checkpoint
    RP1321: 4/7/2010 6:25:27 PM - System Checkpoint
    RP1322: 4/8/2010 7:53:39 PM - System Checkpoint
    RP1323: 4/9/2010 8:18:04 PM - System Checkpoint
    RP1324: 4/10/2010 9:05:46 PM - System Checkpoint
    RP1325: 4/11/2010 9:42:20 PM - System Checkpoint
    RP1326: 4/14/2010 2:00:46 PM - System Checkpoint
    RP1327: 4/15/2010 2:56:25 PM - System Checkpoint
    RP1328: 4/16/2010 3:11:39 PM - System Checkpoint
    RP1329: 4/20/2010 3:10:10 PM - System Checkpoint
    RP1330: 4/21/2010 3:37:28 PM - System Checkpoint
    RP1331: 4/22/2010 4:07:42 PM - System Checkpoint
    RP1332: 4/23/2010 5:07:43 PM - System Checkpoint
    RP1333: 4/24/2010 5:25:01 PM - System Checkpoint
    RP1334: 4/25/2010 7:32:06 PM - System Checkpoint
    RP1335: 4/26/2010 8:01:21 PM - System Checkpoint
    RP1336: 4/27/2010 8:34:20 PM - System Checkpoint
    RP1337: 4/28/2010 9:22:29 PM - System Checkpoint
    RP1338: 4/29/2010 9:40:19 PM - System Checkpoint
    RP1339: 4/30/2010 9:46:45 PM - System Checkpoint
    RP1340: 5/1/2010 10:27:11 PM - System Checkpoint
    RP1341: 5/3/2010 2:17:53 PM - System Checkpoint
    RP1342: 5/5/2010 2:16:53 PM - System Checkpoint
    RP1343: 5/6/2010 8:13:56 PM - System Checkpoint
    RP1344: 5/8/2010 1:09:29 PM - System Checkpoint
    RP1345: 5/9/2010 2:10:46 PM - System Checkpoint

    ==== Installed Programs ======================

    3ivx MPEG-4 5.0 Decoder (remove only)
    Adobe Digital Editions
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.2
    Adobe Shockwave Player
    Amazon MP3 Downloader 1.0.10
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft WebCam Companion 2
    Banctec Service Agreement
    Bonjour
    Broadcom Management Programs
    Choice Guard
    Conexant D850 56K V.9x DFVc Modem
    Coupon Printer for Windows
    DA920EN
    Dell Digital Jukebox Driver
    Dell Networking Guide
    Dell Solution Center
    DellSupport
    Digital Line Detect
    DVD Flick 1.3.0.7
    Facebook Plug-In
    Full Tilt Poker
    Google SketchUp 6 Exporters
    Google SketchUp LayOut 6
    Google SketchUp Pro 6
    Google SketchUp Viewer
    Google Updater
    Grokster ads support
    Help and Support Customization
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP Photo Imaging Software
    HP Photo Printing Software
    hp photosmart 1115 series
    hp photosmart printer series (Remove only)
    HP Share-to-Web
    Indeo® software
    Intel(R) Extreme Graphics Driver
    Internet Explorer Default Page
    Internet Explorer Q903235
    iPod for Windows 2005-09-06
    iPod for Windows 2006-06-28
    iTunes
    J2SE Runtime Environment 5.0 Update 11
    Java Auto Updater
    Java(TM) 6 Update 18
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    LimeWire 5.4.6
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft AntiSpyware
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Encarta Encyclopedia Standard 2004
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.7
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft WinUsb 1.0
    Mozilla Firefox (3.6.3)
    MSVCRT
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    NetWaiting
    QuickTime
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Segoe UI
    Shockwave
    Skype™ 4.1
    Sonic DLA
    Sonic RecordNow!
    TablEdit 2.65
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC 9.0 Runtime
    Viewpoint Media Player
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    ZoneAlarm Security Suite
    ZoneAlarm Toolbar

    ==== End Of File ===========================
  2. tmort23

    Dds.txt

    Here's the DDS.txt-



    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Tanner at 15:10:35.04 on Sun 05/09/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.709 [GMT -7:00]

    AV: ZoneAlarm Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINDOWS\System32\hphmon03.exe
    C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
    C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\WINDOWS\System32\HPHipm09.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Tanner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Bar =
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uCustomizeSearch =
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Sonic RecordNow!]
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SVCHOST.EXE] c:\windows\system32\drivers\svchost.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [TOY5KNQ8OC] c:\docume~1\tanner\locals~1\temp\Elh.exe
    uRun: [ROUA3O12PW] c:\windows\msa.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
    mRun: [HPHmon03] c:\windows\system32\hphmon03.exe
    mRun: [CXMon] "c:\program files\hewlett-packard\photosmart\photo imaging\Hpi_Monitor.exe"
    mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\photosmart\hp share-to-web\hpgs2wnd.exe
    mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
    mRun: [gcasServ] "c:\program files\microsoft antispyware\gcasServ.exe"
    mRun: [bpk] c:\windows\system32\bpk.exe
    mRun: [realteks] "c:\documents and settings\tanner\application data\google\jaeio234556.exe" 2
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [cftmon] c:\windows\system32\ztqa.exe
    mRun: [Nkurejulatiw] rundll32.exe "c:\windows\ucaxatesuxid.dll",Startup
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mExplorerRun: [RTHDBPL] c:\documents and settings\tanner\application data\systemproc\lsass.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127668836875
    DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - hxxp://launch.gamespyarcade.com/software/launch/alaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {8C410098-8BA7-4550-A0A4-6959C02FC935} - hxxp://karaoke.cokemusic.com//karClientIE.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://www.arcadetown.com/feedingfrenzy/SproutLauncher.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
    DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} - hxxp://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
    DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    TCP: NameServer = 93.188.162.6,93.188.161.34
    TCP: {3BEBBE86-E276-4A8F-B745-659506D39AF4} = 93.188.162.6,93.188.161.34
    TCP: {C1B9238B-191E-4433-8B4D-00EEB3516AD4} = 93.188.162.6,93.188.161.34
    Notify: igfxcui - igfxsrvc.dll
    AppInit_DLLs: c:\windows\system32\0034.DLL
    SSODL: LiveReg - {1FB7B9B9-05CC-A1D6-56BD-402D8F4C488F} - c:\program files\common files\symantec shared\livereg\IraVcLc3d.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft.AntiSpyware.ShellExecuteHook.1: {9ef34ff2-3396-4527-9d27-04c8c1c67806} - c:\program files\microsoft antispyware\shellextension.dll
    LSA: Notification Packages = scecli scecli scecli leurpr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\tanner\applic~1\mozilla\firefox\profiles\4wwo6ktv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
    FF - plugin: c:\documents and settings\tanner\application data\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\tanner\application data\mozilla\firefox\profiles\4wwo6ktv.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: XULRunner: {9A9F732D-6415-4F61-8FDB-8BF29F0DC597} - c:\documents and settings\tanner\local settings\application data\{9A9F732D-6415-4F61-8FDB-8BF29F0DC597}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2009-11-7 128016]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-5-18 486280]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-5-5 24652]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2001-10-25 18864]
    S3 PsSdk30;PsSdk30;\??\c:\windows\system32\drivers\pssdk30.drv --> c:\windows\system32\drivers\PsSdk30.drv [?]

    =============== Created Last 30 ================

    2010-05-08 18:46:51 0 d-sh--w- c:\documents and settings\tanner\IECompatCache
    2010-05-01 21:31:42 0 d-----w- c:\program files\Amazon

    ==================== Find3M ====================

    2010-05-09 22:01:49 4212 ---ha-w- c:\windows\system32\zllictbl.dat
    2010-02-25 00:06:55 9 -c--a-w- C:\confin.sys
    2010-02-23 03:42:46 6863 ----a-w- c:\windows\system32\WORK.DAT
    2010-02-12 18:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-02-12 18:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2002-08-29 10:00:00 94784 --sh--w- c:\windows\TWAIN.DLL
    2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
    2004-11-30 00:08:20 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2008-04-14 00:12:01 57344 --sha-w- c:\windows\system32\msvcirt.dll
    2008-04-14 00:12:02 551936 --sh--w- c:\windows\system32\oleaut32.dll
    2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe
    2008-11-16 02:37:52 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111520081116\index.dat

    ============= FINISH: 15:13:39.60 ===============
  3. tmort23

    tmort23 Newcomer, in training Topic Starter Posts: 28

    And the Gmer.log is too big to copy and paste, and for some reason it won't let me attach to replies, so I uploaded it to rapidshare, so here's the link to download-
    http://rapidshare.com/files/385521964/gmer.log.log.html
    It can only be downloaded 10 times, so if you need it and it's past its limit, let me know and I'll re-upload it.

    Thanks, sorry for the hassle.

    Tanner
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot, Tanner. I'll help with the malware. I see multiple malware entries in the logs. Regarding Malwarebytes, run the following first, then try Mbam again:
    1. Please download randmbam.exe
    2. It will try to create random names and shortcuts for Malwarebytes Anti Malware(MBAM) if you have it installed already.
    3. Once done, try running a scan again
    ==========================================
    As for GMER, I will only open a .txt or .log document- not one that's html transferred from Rapidshare. Please try the attachment again.
    =====================================
    When the above has been done, Please download ComboFix from Here and save to your Desktop.

    [1]. Do NOT rename Combofix unless instructed.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If Combofix asks you to install Recovery Console, please allow it.
    [6]. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    [7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.
    ===================================
    Follow with Run Eset NOD32 Online AntiVirus Scanner HERE
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Please leave all logs in your next reply.

    You also need to update your Java to v6u20 and uninstall the following versions:
    Java(TM) 6 Update 18
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1

    Each of these outdated versions presents a vulnerability to the system.
    As for LimeWire, I will give you information on file sharing and suggest that you uninstall it. If you choose not to, please do not use it while I am helping clean the system.

    Please do not run any other cleaning programs or scans unless I instruct you to. Do not use a Registry cleaner or make any changes in the Registry.
  5. tmort23

    tmort23 Newcomer, in training Topic Starter Posts: 28

    Ya, I could not include the malwarebytes log because when I click the link to download the program from the 8-step virus prelim removal, it states that the page cannot be displayed, thus not allowing me to download the file. Is there any other way I can download it? Off the top of my head, would it be able for you to upload the installation file to rapidshare or some other sort of file hosting website for me to download it? Maybe that will work.

    As for the GMER.log file, I will try to re attach it later tonight.

    Thanks again.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

  7. tmort23

    tmort23 Newcomer, in training Topic Starter Posts: 28

    Hey there, sorry for the long wait, I was running all those scans.
    OK. So I ran the malwarebytes anti malware program, it found a bunch of malware, and said it removed it. Next I ran the combofix, and then I just finished the Online Scan. All 3 logs are attached, along with the original Gmer.log that I couldn't attach last time.

    In order it is:
    • gmer.log
    • mbam.log
    • combofix log
    • online scan log

    Let me know what you think.

    Thanks!

  8. tmort23

    tmort23 Newcomer, in training Topic Starter Posts: 28

    Also, I updated my Java to Version 20 as told, and uninstalled the versions listed. I am also going to stop using Limewire, although I was using it legally, I fear it is a gateway for viruses and malware.

    Thanks again.
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You attached the same Combofix report twice instead of the Malwarebytes log. Could you go find the Mbam log please while I'm finishing the script- it should be either of these places:

    If you accidentally close it, the log file is saved here and will be named like this:

    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    Or
    C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You attached the same Combofix report twice instead of the Malwarebytes log. Could you go find the Mbam log please while I'm finishing the script- it should be either of these places:

    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    Or
    C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    =================================
    Custom CFScript


    [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
     
    File::
    c:\program files\viewpoint\common\ViewpointService.exe
    c:\windows\system32\Drivers\PsSdk30.drv
    c:\windows\Internet Logs\xDBB.tmp
    c:\windows\Internet Logs\xDB9.tmp
    c:\windows\Internet Logs\xDBA.tmp
    c:\windows\system32\zllictbl.dat
    c:\windows\Lqagiwitatuxofum.dat
    c:\windows\Internet Logs\xDB8.tmp
    C:\WINDOWS\leurpr.dll.vzr	
    C:\WINDOWS\ucaxatesuxid.dll.vzr	
    
    Folder::
    c:\windows\Hpabijigokimakig.bin
    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]
    
    Driver::
    Viewpoint Manager Service
    PsSdk30
    
    DDS::
    DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    uRun: [TOY5KNQ8OC] c:\docume~1\tanner\locals~1\temp\Elh.exe
    uRun: [ROUA3O12PW] c:\windows\msa.exe
    mRun: [bpk] c:\windows\system32\bpk.exe
    mRun: [Nkurejulatiw] rundll32.exe "c:\windows\ucaxatesuxid.dll",Startup
    DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: EnableLUA = 0 (0x0)
    TCP: NameServer = 93.188.162.6,93.188.161.34
    TCP: {3BEBBE86-E276-4A8F-B745-659506D39AF4} = 93.188.162.6,93.188.161.34
    TCP: {C1B9238B-191E-4433-8B4D-00EEB3516AD4} = 93.188.162.6,93.188.161.34
    LSA: Notification Packages = scecli scecli scecli leurpr.dll
    
    FCopy::
    C:\WINDOWS\ServicePackFiles\i386\atapi.sys | C:\Windows\System32\drivers\atapi.sys
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.

    I can give you more information on file sharing and remove the LimeWire program and files if you'd like.
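
The DDS:: block in the script above lists the same NameServer pair under a global value and two GUID-keyed entries, plus an extra LSA notification package. The following is an added example (not part of the original thread, and not ComboFix or DDS code) that pulls those two entry types out of DDS-style lines and flags whatever falls outside a baseline; the empty resolver allowlist, the treatment of private addresses as the local router, and the `scecli`-only LSA baseline are assumptions.

```python
import ipaddress
import re

# Lines copied from the DDS:: section of the CFScript in this thread.
SAMPLE_DDS = """\
mPolicies-system: EnableLUA = 0 (0x0)
TCP: NameServer = 93.188.162.6,93.188.161.34
TCP: {3BEBBE86-E276-4A8F-B745-659506D39AF4} = 93.188.162.6,93.188.161.34
TCP: {C1B9238B-191E-4433-8B4D-00EEB3516AD4} = 93.188.162.6,93.188.161.34
LSA: Notification Packages = scecli scecli scecli leurpr.dll
"""

# Constructed sample of what an unmodified home machine might report.
CLEAN_SAMPLE = """\
TCP: NameServer = 192.168.1.1
LSA: Notification Packages = scecli
"""

# Assumption: resolvers the owner knows to be theirs (ISP, router). Empty here.
EXPECTED_RESOLVERS = frozenset()
# Assumption: the only notification package expected on this XP Home install.
BASELINE_LSA_PACKAGES = frozenset({"scecli"})

TCP_RE = re.compile(
    r"^TCP:\s*(?P<scope>NameServer|\{[0-9A-Fa-f-]{36}\})\s*=\s*(?P<value>.+)$"
)
LSA_RE = re.compile(r"^LSA:\s*Notification Packages\s*=\s*(?P<value>.+)$")


def classify_resolver(addr, expected=EXPECTED_RESOLVERS):
    """Return 'expected', 'local', 'unexpected-public' or 'invalid'."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if str(ip) in expected:
        return "expected"
    # Assumption: private/loopback/link-local resolvers are the local router.
    # That does not clear them; a router can itself be misconfigured.
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"
    return "unexpected-public"


def dns_findings(text, expected=EXPECTED_RESOLVERS):
    """Map each flagged resolver to its verdict and the scopes that use it."""
    findings = {}
    for line in text.splitlines():
        match = TCP_RE.match(line.strip())
        if not match:
            continue
        for addr in re.split(r"[,\s]+", match.group("value").strip()):
            if not addr:
                continue
            verdict = classify_resolver(addr, expected)
            if verdict in ("unexpected-public", "invalid"):
                entry = findings.setdefault(
                    addr, {"verdict": verdict, "scopes": []}
                )
                entry["scopes"].append(match.group("scope"))
    return findings


def lsa_findings(text, baseline=BASELINE_LSA_PACKAGES):
    """Return notification packages that are not in the baseline, deduplicated."""
    extras = []
    for line in text.splitlines():
        match = LSA_RE.match(line.strip())
        if not match:
            continue
        for name in match.group("value").split():
            if name.lower() not in baseline and name not in extras:
                extras.append(name)
    return extras


def triage(text, expected=EXPECTED_RESOLVERS, baseline=BASELINE_LSA_PACKAGES):
    """Run both checks over a block of DDS-style lines."""
    return {
        "dns": dns_findings(text, expected),
        "lsa": lsa_findings(text, baseline),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_DDS)
    for addr, info in sorted(report["dns"].items()):
        print(f"{addr}: {info['verdict']} in {len(info['scopes'])} scope(s)")
    for name in report["lsa"]:
        print(f"LSA notification package outside baseline: {name}")
```

A resolver that shows up under both the global value and every GUID-keyed entry was set machine-wide rather than in one browser, so the check is worth repeating after cleanup to confirm the entries are gone.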
  11. tmort23

    tmort23 Newcomer, in training Topic Starter Posts: 28

    Oh, my mistake. Not sure how that happened.. but I attached the mbam log.

    So this code, I just copy and paste into a new notepad, save it as the CFScript.txt and then drag and drop onto the Combofix Icon?
    Sounds easy enough. I will attach the log when finished.

    Thanks.

  12. tmort23

    tmort23 Newcomer, in training Topic Starter Posts: 28

    Alright, I ran combofix again like you said. Here is the log:

  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    What was your decision about LimeWire? I can include it in the script with a few other removals if you want. Read over this information and make the decision:

    P2P or 'file sharing' Warning:
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall LimeWire for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning (link) to help you better understand these dangers.

    How is the system running now?
    There are just a few more files to remove after you tell me about LimeWire and after you run that script, if the problems have been resolved, I'll have you remove the cleaning tools and old restore points, then reset the Host files.
  14. tmort23

    tmort23 Newcomer, in training Topic Starter Posts: 28

    I think that I'm going to keep it on my system for now, but later I will probably take it off.

    So any more steps? I am still getting the redirection with google, etc..
    but system seems to be running quicker now.

    Thanks again
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Custom CFScript


    [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\Internet Logs\xDBC.tmp
    c:\windows\system32\zllictbl.dat
    
    Extra::
    File::
    c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    Firefox::
    Firefox:- Profile - c:\documents and settings\Tanner\Application Data\Mozilla\Firefox\Profiles\4wwo6ktv.default\
    
    DirLook::
    c:\windows\Hpabijigokimakig.bin
     
    Folder::
    Registry::
    Driver::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
    ====================
    Stay away from weather programs with Minibug
    Stay away from PopCap games which load using the popcaploader
    Stay away from the FunWebProducts site.
    ========================================
    Download the HijackThis Installer HERE and save to the desktop:
    1. Double-click on HJTInstall.exe to run the program.
    2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    3. Accept the license agreement by clicking the "I Accept" button.
    4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    5. Click "Save log" to save the log file and then the log will open in notepad.
    6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    ================================
    I hope to find some NameServers in HJT to have you remove. If not, I'll have you do a DNS flush.
  16. tmort23

    tmort23 Newcomer, in training Topic Starter Posts: 28

    Ok I ran both combofix and hijackthis, the combofix log is attached and the hijackthis is posted below:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:04:25 PM, on 5/13/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\System32\HPHipm09.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
    O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127668836875
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {8C410098-8BA7-4550-A0A4-6959C02FC935} (karCntrlIE Class) - http://karaoke.cokemusic.com//karClientIE.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/feedingfrenzy/SproutLauncher.cab
    O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

    --
    End of file - 10236 bytes

  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    There is a zipped file that I can't identify or open. The date in Combofix is 2010-02-23 03:46 and 2010-03-24 19:38
    c:\windows\Hpabijigokimakig.bin

    There are no other files for 2/23, but there are 2 for 3/24:
    Application Data for ESTsoft : http://www.altools.com/
    ESTsoft Corp. is a software development company located in South Korea- Does this sound familiar?
    ==========================================
    Try this to see if there is any more information:
    To access: Use Windows Explorer: Windows Key + E:
    1. Show Hidden Folders/Files
    • Open My Computer.
    • Go to Tools > Folder Options.
    • Select the View tab.
    • Scroll down to Hidden files and folders.
    • Select Show hidden files and folders.
    • Uncheck (untick) Hide extensions of known file types.
    • Uncheck (untick) Hide protected operating system files (Recommended).
    • Click Yes when prompted.
    • Click OK.


    2. Search for Files:
    • Double click on Local Drive (C)
    • Click on Windows
    • Click on c:\windows\Hpabijigokimakig.bin
    • Extract file> Do NOT open
    • Right click on extracted file> Properties
    • Do you see anything in Properties that you recognize? Do you see a file extension?
    • Is this a zipped folder or file that you created?
    • Close explorer

    3. Reset Hidden/System Files & Folders

    Let me know.
  18. tmort23

    tmort23 Newcomer, in training Topic Starter Posts: 28

    It says it's a .bin file, I don't recognize it, and the name sounds really weird. It says it has a size of 0 bytes? And it's not a zipped file or extractable. Definitely did not create it.

    And step 3, do you mean click the box that says "reset all folders?"
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Okay, let's move that file:
    For the Custom CFScript:
    Set up and run the CFFix just like in my Reply #10 and #15. But the only thing you will have in the Code box is below:
    Code:
    KillAll::
    File::
    Folder::
    c:\windows\Hpabijigokimakig.bin
    
    Finish with the drag and drop, same as #10 and 15

    Leave the log it will create. If it has been moved and the original malware problems have resolved, I'll have you remove the cleaning tools and old restore points.

    I mean do this:


    • Go to Tools > Folder Options.
    • Select the View tab.
    • Recheck "Don't show hidden files and folders."
    • Recheck Hide extensions of known file types.
    • Recheck Hide protected operating system files (Recommended).
    • Click > Apply> OK.
  20. tmort23

    tmort23 Newcomer, in training Topic Starter Posts: 28

    Ok, I ran the combofix with the log you provided. It's attached.

  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Well, even beating the file over the head didn't remove it! Try renaming it> just add old to the end of the folder name. Then try the right click> Delete.

    c:\windows\Hpabijigokimakig.binold
  22. tmort23

    tmort23 Newcomer, in training Topic Starter Posts: 28

    OK, it's deleted. Anything else? I still get the redirection while searching..
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please describe the redirecting:

    1. If you type a word in the Google search box, and then choose one of the sites that comes up, what happens?
    2. Does a different site load?
    3. Does any site load?
    4. Are the sites the same/different?
    5. Are you sure you're not seeing a Google page saying DNS server couldn't be contacted?
    6. Does it happen on all searches?
    7. Does it happen with multiple browsers?
  24. tmort23

    tmort23 Newcomer, in training Topic Starter Posts: 28

    1. It doesn't happen always, but almost always. About 3/4 times it happens. I type in any search in google or bing or anything, even other sites that have a link, and my browser goes white like it's loading, only it's being redirected to a different site.
    2. So yes, a new site loads
    3. No, not just any sites load, I think there are 2 or 3 different ones
    4. They are different sites, but look similar in their layout.
    5. I am sure it's not any google affiliated site or page saying DNS server, it is an actual site, like you know if you type in a website's name in the url bar but misspell it by a letter, you get a website you didn't want that has just crap on it? It's like that.
    6. It happens on almost every search
    7. And it happens on every browser. Like I've been using firefox since it came out, and that's where it originated, and now I'm on internet explorer and it's doing the same thing.

    I will search a lot and take some screen shots and attach them as jpegs so you can see for yourself.

    Also, I've found that bookmarks NEVER do the redirection. It's only search links, if that means anything.
  25. tmort23

    tmort23 Newcomer, in training Topic Starter Posts: 28

    OK, here's what I found. I searched until I came across every redirect site. I took a screen shot and pasted in paint, then saved. (Hope you are allowed to open jpegs..)

    This will give you a look at the websites.

    redirect 1.jpeg is the first site
    redirect 2.jpeg is what happens when I click a link, before it becomes redirected.
    redirect 3.jpeg is a redirected site
    redirect 4.jpeg is a redirected site.

    And I also attached a notepad file, I hope it will help you. I copied the url bar while it was loading, becoming redirected. You may find something in the url that will help you. There are 2 urls.

    Let me know what you think/find.

    Thanks.
