Redirected when surfing

doda69 · Oct 12, 2011

All processes killed
========== OTL ==========
Service gusvc stopped successfully!
Service gusvc deleted successfully!
HKU\S-1-5-21-2876227700-2714291294-179404300-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\002681_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\xm0027l08180a5ua1qa5il8m0807v3j80cbxr1fj11m12 moved successfully.
C:\Documents and Settings\All Users\Application Data\xm0027l08180a5ua1qa5il8m0807v3j80cbxr1fj11m12 moved successfully.
C:\WINDOWS\Lpayo.dat moved successfully.
C:\WINDOWS\Rnizokesikomeje.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10\lsdb\prev folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10\lsdb folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10\log\IDP\log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10\log\IDP folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10\log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10\cfgall folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG10 folder moved successfully.
C:\Documents and Settings\Owner\Application Data\AVG10\cfgall folder moved successfully.
C:\Documents and Settings\Owner\Application Data\AVG10 folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP3A96964 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP287FACF deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 56502 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 328038 bytes
->Java cache emptied: 196293 bytes
->Flash cache emptied: 74168 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 15678 bytes

User: Owner
->Temp folder emptied: 16374082 bytes
->Temporary Internet Files folder emptied: 12268174 bytes
->Java cache emptied: 13149942 bytes
->FireFox cache emptied: 6935168 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2152 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53303 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 5889959 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33234 bytes
RecycleBin emptied: 1599 bytes

Total Files Cleaned = 53.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Error: Unable to interpret <[Reboot]•Then click the Run Fix button at the top> in the current context!
Error: Unable to interpret <•Let the program run unhindered, reboot the PC when it is done> in the current context!

OTL by OldTimer - Version 3.2.29.1 log created on 10122011_143707

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF7FFF.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8011.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8414.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8426.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF852C.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8542.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFF09E.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFF0BB.tmp not found!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3JDQLV91\component[1].html moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\3JDQLV91\topic171347-2[1].html moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_230.dat not found!

Registry entries deleted on Reboot...

doda69 · Oct 12, 2011

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Norton Internet Security
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 27
Out of date Java installed!
Adobe Flash Player 10.2.159.1
Adobe Reader 7.0
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
``````````End of Log````````````

doda69 · Oct 12, 2011

D:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

Broni · Oct 12, 2011

Update Adobe Reader

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

=================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.

Close all other programs apart from OTL as this step will require a reboot

On the OTL main screen, press the CLEANUP button

Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

doda69 · Oct 13, 2011

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33234 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 389860 bytes
->Temporary Internet Files folder emptied: 30147557 bytes
->Java cache emptied: 279335 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 700 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 611244 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 418013 bytes

Total Files Cleaned = 30.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.29.1 log created on 10132011_084956

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF70C3.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF7121.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF71B4.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF71C4.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF7307.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF7317.tmp not found!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TZAYH6OD\918[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\G13EV9Q1\topic171347-3[1].html moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0AW90PBC\component[1].html moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0AW90PBC\partner[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_2bc.dat not found!

Registry entries deleted on Reboot...

Broni · Oct 13, 2011

13. Please, let me know, how your computer is doing.

Whenever ready.

doda69 · Oct 13, 2011

ok.. I'm not being redirected which is good ..when I went to startup check list I have some programs that it says to remove .. when i disable them and apply it sats I need an addministators acount which i am ..do I go to norman mode now?

comp is slow on start up to fiirst page then better

Broni · Oct 13, 2011

when I went to startup check list I have some programs that it says to remove .. when i disable them and apply it sats I need an addministators acount which i am ..do I go to norman mode now?

I'm not sure what you're saying...

comp is slow on start up to fiirst page then better

Do you mean browser?

doda69 · Oct 14, 2011

I went to Techspot ..extras..start up list progams .

ran msconfig.. gave me all my start up.. i checked them against the list and tryied to remove the ones it said were dangerous..
popup read need an addministrators account to make changes here..which my comp says I am.
when popup says go back to normal mode all the programs are back in statup .

when I open internet explorer,or other site from the desktop it takes about a minute to open .. hour glass comes right away disappears and a long while later the page opens. when surfing from site to site pages take a while

I hope this explains this better

thank you again for your help

Broni · Oct 14, 2011

Why are you playing with "msconfig"?
"msconfig" should never be used as a startup control.

it said were dangerous

Who said that?

As for your browser?
Close IE.
Go Start>All Programs>Accessories>System Tools, and click on Internet Explorer (no add-ons). Same problem?

doda69 · Oct 17, 2011

techspot -extras- under start up--it gives a list of dangerous start up programs and says to remove

doda69 · Oct 17, 2011

internet explorer is currently running without add-ons

doda69 · Oct 17, 2011

which add-ons do i enabe or disable

Broni · Oct 17, 2011

There is nothing dangerous running on your computer.

Then I need to know if IE runs fine with no adds.

doda69 · Oct 19, 2011

sorry my mistake I see where the add-on are...but which ones do I disable is a puzzel.. I tried to do a system restore back to Oct.13 in case I changed something I should not have but the system won't let me.

Broni · Oct 19, 2011

I never asked you to use system restore.
All I said....

Close IE.
Go Start>All Programs>Accessories>System Tools, and click on Internet Explorer (no add-ons). Same problem?

doda69 · Oct 19, 2011

Close IE.
Go Start>All Programs>Accessories>System Tools, and click on Internet Explorer (no add-ons).

Internet Explorer is currently running without add-ons

All Internet Explorer add-ons, such as ActiveX controls or toolbars, are turned off. Some webpages might not display correctly.
To continue to your home page, click the Home button.
To browse using add-ons, close Internet Explorer and then start it again.
Check for the latest Windows updates.

How do browser add-ons affect my browsing experience?

other than "internert Explorer is currently running without add-on " popping up at the top of every page it looks like everything is ok

Broni · Oct 19, 2011

You were complaining:

when I open internet explorer,or other site from the desktop it takes about a minute to open .. hour glass comes right away disappears and a long while later the page opens. when surfing from site to site pages take a while

I've been trying to get a simple answer from you....
Are you having the above issue when running IE with no add-ons?

doda69 · Oct 20, 2011

everything right now seems good browsing is faster than before... but I had enabled almost all toolbar and extentions in (IE add ons)..I don't know if I did right or wrong

Broni · Oct 20, 2011

Good news then

TechSpot

Welcome to TechSpot

Redirected when surfing

doda69 Newcomer, in training Posts: 38

doda69 Newcomer, in training Posts: 38

doda69 Newcomer, in training Posts: 38

Broni Malware Annihilator Posts: 39,341 +175

doda69 Newcomer, in training Posts: 38

Broni Malware Annihilator Posts: 39,341 +175

doda69 Newcomer, in training Posts: 38

Broni Malware Annihilator Posts: 39,341 +175

doda69 Newcomer, in training Posts: 38

Broni Malware Annihilator Posts: 39,341 +175

doda69 Newcomer, in training Posts: 38

doda69 Newcomer, in training Posts: 38

doda69 Newcomer, in training Posts: 38

Broni Malware Annihilator Posts: 39,341 +175

doda69 Newcomer, in training Posts: 38

Broni Malware Annihilator Posts: 39,341 +175

doda69 Newcomer, in training Posts: 38

Broni Malware Annihilator Posts: 39,341 +175

doda69 Newcomer, in training Posts: 38

Broni Malware Annihilator Posts: 39,341 +175

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.