Resolved Browser hijacker affects google search results

[mmpotyq96]

Hello, I just discovered this problem. I deleted the items identified in MWB.
Logs below. Thanks for any help!

MWB

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7425

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

8/10/2011 8:02:28 AM
mbam-log-2011-08-10 (08-02-28).txt

Scan type: Quick scan
Objects scanned: 193688
Time elapsed: 16 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-10 08:14:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6E040L0 rev.NAR61590
Running: nh9qgp1f[1].exe; Driver: C:\DOCUME~1\Erik\LOCALS~1\Temp\uwlcrpod.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF756DD70]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF756DD84]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF756DDB0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF756DE06]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF756DD5C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF756DD34]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF756DD48]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF756DD9A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF756DDDC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF756DDC6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF756DE30]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF756DE1C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF756DDF0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----



DDS
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Erik at 8:15:09 on 2011-08-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.416 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6253\SiteAdv.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110615183859.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6253\SiteAdv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [Sonic RecordNow!]
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [SiteAdvisor] c:\program files\siteadvisor\6172\SiteAdv.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: microsoft.com\office
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{C580D4A9-6AE3-4457-BED1-0240C9129A24} : DhcpNameServer = 208.59.247.45 208.59.247.46
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6253\SiteAdv.dll
Notify: igfxcui - igfxsrvc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-5 459728]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-5-5 89368]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-5-5 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-5-5 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-5-5 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-5-5 165000]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-5-5 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-5-5 148520]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-5 57432]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-5 179248]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-5 59288]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-5 337912]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-5-5 83688]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-10 41272]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-5-5 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-5 85984]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]
.
=============== Created Last 30 ================
.
2011-08-10 11:44:26 -------- d-----w- c:\documents and settings\erik\application data\Malwarebytes
2011-08-10 11:38:05 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-10 11:38:02 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-10 11:37:57 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-10 11:37:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-10 11:24:39 388096 ----a-r- c:\documents and settings\erik\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-10 11:24:36 -------- d-----w- c:\program files\Trend Micro
.
==================== Find3M ====================
.
2011-06-13 13:07:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 8:18:31.89 ===============

 

[Bobbye]

Welcome to TechSpot! I'll help with the redirect.

Please paste the Attach.txt log into your next reply. Attach is the name, not the direction and comments in the instruction say not to attach or zip

Can you describe to me how you mean "browser hijacker affects Google search results?" Are you being redirected to a site you didn't choose, after you do Google search and choose a site? Browser Hijack and search redirect are not necessarily the same thing.
==========================================================
Your Java is badly out of date. You have Java 2 Runtime Environment, SE v1.4.2. The current version is v6u26. Please update now: Java Updates . Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.

Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
=====================================
There will be malware in the Java Cache because of this, so we need to empty it:
To clear the Java Plug-in cache:

• 
  [1]. Click Start > Control Panel.
  [2]. Double-click the Java icon in the control panel.
  
  The Java Control Panel appears.
  
  
  
  [3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.
  
  
  
  [4] Click Delete Files.The Delete Temporary Files dialog box appears.
  
  
  
  [5]. Click OK on Delete Temporary Files window.
  Note: This deletes all the Downloaded Applications and Applets from the cache.
  [6]. Click Apply> OK on Temporary Files Settings window.

Images courtesy java.com
===============================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

• Double click combofix.exe & follow the prompts.
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
• Once installed, you should see a blue screen prompt that says:
  The Recovery Console was successfully installed.
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• .Close any open browsers.
• .Double click combofix.exe
  
  & follow the prompts to run.
• When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
=========================================
My Guidelines: please read and follow:

• Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
• Read my instructions carefully. If you don't understand or have a problem, ask me.
• If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
• Follow the order of the tasks I give you. Order is crucial in cleaning process.
• File sharing programs should be uninstalled or disabled during the cleaning process..
• Observe these:
  [o] Don't use any other cleaning programs or scans while I'm helping you.
  [o] Don't use a Registry cleaner or make any changes in the Registry.
  [o] Don't download and install new programs- except those I give you.
• Please let me know if there is any change in the system.

If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================

 

[mmpotyq96]

Thanks for the response.

I updated Java and cleared the Java cache.

I was unable to download Combofix- the first time I got an error due to McAfee blocking it, so I turned off McAfee. Then it showed the download box as "completed" but an error message said "cannot rename as Combofix[1]." There was no box to select the file name or destination. I can't find the existing Combofix file on my computer and the uninstall command couldn't find it either.

While restarting after the Java installation, Windows Updater downloaded a number of security updates, but I didn't install them yet.

Here is the paste of the "attach" file I attached earlier:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/15/2004 7:35:37 PM
System Uptime: 8/10/2011 8:04:11 AM (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Microprocessor | 2392/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 38 GiB total, 0.532 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1415: 7/26/2011 10:10:47 PM - System Checkpoint
RP1416: 7/30/2011 2:45:00 PM - System Checkpoint
RP1417: 8/3/2011 8:12:07 AM - System Checkpoint
RP1418: 8/8/2011 6:48:43 PM - System Checkpoint
RP1419: 8/10/2011 7:24:32 AM - Installed HiJackThis
.
==== Installed Programs ======================
.
ABBYY FineReader 5.0 Sprint
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader X (10.1.0)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
aspi
Banctec Service Agreement
BCM V.92 56K Modem
Bonjour
Broadcom Management Programs
Calendar Creator 10
Canon iP3500 series
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCHelp
CCScore
CK Creative Clips and Fonts for Special Occasions
CleanUp!
Clue
CR2
Creative Lettering Combo
DA920EN
Dell AIO Printer A920
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide
Dell Solution Center
DirectX Media Runtime 5.1
DS21Patch
DVDSentry
Epocrates Essentials
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSTUTOR
ESSvpaht
ESSvpot
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Help and Support Customization
HiJackThis
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hoyle Board Games 3
Icy Tower v1.3.1
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
iPod for Windows 2006-01-10
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2
Jewel Quest
Kid Pix Studio Deluxe
Kodak EasyShare software
Learn2 Player (Uninstall Only)
Macromedia Shockwave Player
Malwarebytes' Anti-Malware version 1.51.1.1800
McAfee Internet Security
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Picture It! Photo 7.0
Microsoft Silverlight
Microsoft Web Publishing Wizard 1.52
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
MobileMe Control Panel
Modem Helper
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notifier
OTtBP
PCDLNCH
PowerDVD
QuickTime
RealOne Player
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SFR2
Shockwave
Sierra Utilities
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Service Pack 3
Works Suite OS Pack
Zuma Deluxe 1.0
.
==== Event Viewer Messages From Past Week ========
.
8/8/2011 6:59:59 AM, error: DCOM [10001] - Unable to start a DCOM Server: {211EBA3A-EA5A-496B-A021-5C6BEB365E4C} as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding
8/8/2011 5:59:47 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
8/3/2011 6:41:44 AM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{C580D4A9-6AE3-4457-BED1-0240C9129A24} because another computer on the network has the same name. The server could not start.
8/10/2011 8:03:31 AM, warning: Windows File Protection [64008] - The protected system file c:\windows\resources\themes\luna\luna.msstyles could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
8/10/2011 7:52:44 AM, information: Windows File Protection [64004] - The protected system file oembios.sig could not be restored to its original, valid version. The file version of the bad file is 0.0.0.1 The specific error code is 0x800b0100 [No signature was present in the subject. ].
8/10/2011 7:52:44 AM, information: Windows File Protection [64004] - The protected system file oembios.dat could not be restored to its original, valid version. The file version of the bad file is 0.0.0.1 The specific error code is 0x800b0100 [No signature was present in the subject. ].
8/10/2011 7:52:44 AM, information: Windows File Protection [64004] - The protected system file oembios.bin could not be restored to its original, valid version. The file version of the bad file is 0.0.0.1 The specific error code is 0x800b0100 [No signature was present in the subject. ].
.
==== End Of File ===========================

 

[mmpotyq96]

PS- the problem I have is a redirect: when I click on a google search result, the browser gets sent to a different page (something related to the search result).

 

[Bobbye]

Thank you.

NOTE: If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file,:
Uninstall ComboFix and all Backups of the files it deleted

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Download again, but rename combofix.exe tommpoty.exe BEFORE saving it to your desktop. Do NOT run it yet.
-------------------------------------
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

• Rkill.com
• Rkill.scr
• Rkill.pif
• Rkill.exe
  
• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run then try to immediately run the following>>>>.

Please download exeHelper by Raktor and save it to your desktop.

• Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
• A black window should pop up, press any key to close once the fix is completed.
• A log file called exehelperlog.txt will be created and should open at the end of the scan)
• A copy of that log will also be saved in the directory where you ran exeHelper.com
• Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

Rkill instructions
Once you've gotten one of them to run

• immediately double click on mmpoty.exe to run
• If normal mode still doesn't work, run BOTH tools from safe mode.

In you have done #2, please post BOTH logs, rKill and Combofix.
=============================================
Follow with this:

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESETOnlineScan
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  [o] Double click on the
  
  on your desktop.
• Check 'Yes I accept terms of use.'
• Click Start button
• Accept any security warnings from your browser.
  
  
• Uncheck 'Remove found threats'
• Check 'Scan archives/
• Leave remaining settings as is.
• Press the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
• When the scan completes, press List of found threats
• Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
• Push the Back button
• Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

Logs in next reply please.

 

[mmpotyq96]

Thanks for the reply.

I managed to run Combofix, having first turned off Mcafee. While it was running, it appeared to reset the taskbar, and Mcafee came back on, giving me a notice of "trojan removed." However, Combofix finished running.

I then ran exehelper and eset. Eset came up with no malware.

When restarting the computer, I found out that the latest windows and IE7 updates did install.

Unfortunately, the original problem has not gone away.

Logs follow:

Combofix:

ComboFix 11-08-09.02 - Erik 08/12/2011 8:12.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.554 [GMT -4:00]
Running from: c:\documents and settings\Erik\Desktop\mmpoty.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Abby\WINDOWS
c:\documents and settings\Erik\WINDOWS
c:\documents and settings\Kate\WINDOWS
c:\program files\messenger\msmsgsin.exe
c:\windows\system32\drivers\fad.sys
c:\windows\system32\ie.ico
c:\windows\system32\open.ico
c:\windows\system32\twain.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-12 to 2011-08-12 )))))))))))))))))))))))))))))))
.
.
2011-08-10 17:11 . 2011-08-10 17:11 -------- d-----w- c:\program files\Common Files\Java
2011-08-10 17:11 . 2011-08-10 17:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-10 17:11 . 2011-08-10 17:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-10 11:44 . 2011-08-10 11:44 -------- d-----w- c:\documents and settings\Erik\Application Data\Malwarebytes
2011-08-10 11:38 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-10 11:38 . 2011-08-10 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-10 11:37 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-10 11:37 . 2011-08-10 11:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-10 11:24 . 2011-08-10 11:24 388096 ----a-r- c:\documents and settings\Erik\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-10 11:24 . 2011-08-10 11:24 -------- d-----w- c:\program files\Trend Micro
2011-07-22 16:35 . 2011-07-22 16:35 3613696 ----a-w- c:\windows\system32\SET4B.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2002-08-29 11:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2002-08-29 11:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2002-08-29 11:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45 . 2011-06-21 18:45 832512 ----a-w- c:\windows\system32\SET42.tmp
2011-06-21 18:45 . 2011-06-21 18:45 52224 ----a-w- c:\windows\system32\SET4C.tmp
2011-06-21 18:45 . 2011-06-21 18:45 478720 ----a-w- c:\windows\system32\SET4A.tmp
2011-06-21 18:45 . 2011-06-21 18:45 44544 ----a-w- c:\windows\system32\SET46.tmp
2011-06-21 18:45 . 2011-06-21 18:45 233472 ----a-w- c:\windows\system32\SET43.tmp
2011-06-21 18:45 . 2011-06-21 18:45 1168896 ----a-w- c:\windows\system32\SET44.tmp
2011-06-21 18:45 . 2011-06-21 18:45 106496 ----a-w- c:\windows\system32\SET45.tmp
2011-06-21 18:45 . 2011-06-21 18:45 63488 ----a-w- c:\windows\system32\SET5C.tmp
2011-06-21 18:45 . 2011-06-21 18:45 6076416 ----a-w- c:\windows\system32\SET55.tmp
2011-06-21 18:45 . 2011-06-21 18:45 468480 ----a-w- c:\windows\system32\SET4D.tmp
2011-06-21 18:45 . 2011-06-21 18:45 380928 ----a-w- c:\windows\system32\SET57.tmp
2011-06-21 18:45 . 2011-06-21 18:45 347136 ----a-w- c:\windows\system32\SET5E.tmp
2011-06-21 18:45 . 2011-06-21 18:45 268288 ----a-w- c:\windows\system32\SET51.tmp
2011-06-21 18:45 . 2011-06-21 18:45 214528 ----a-w- c:\windows\system32\SET5D.tmp
2011-06-21 18:45 . 2011-06-21 18:45 124928 ----a-w- c:\windows\system32\SET60.tmp
2011-06-21 18:45 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-06-21 18:45 . 2002-08-29 11:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45 . 2002-08-29 11:00 17408 ------w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2004-08-04 05:59 389120 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2011-06-20 17:44 293376 ----a-w- c:\windows\system32\SETB2.tmp
2011-06-13 13:07 . 2011-05-15 13:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2002-08-29 11:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-01-13 151597]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-03 270336]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]
"SiteAdvisor"="c:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-03-30 36904]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-23 1306728]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-6-25 614531]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [5/5/2010 7:09 PM 89368]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/5/2010 7:08 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [5/5/2010 7:08 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [5/5/2010 7:09 PM 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [5/5/2010 7:09 PM 148520]
R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [5/5/2010 7:08 PM 57432]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [5/5/2010 7:09 PM 337912]
R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [5/5/2010 7:09 PM 83688]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 7:03 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 7:03 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [8/10/2011 7:38 AM 41272]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [5/5/2010 7:09 PM 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [5/5/2010 7:09 PM 85984]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 23:03]
.
2011-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 23:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
Trusted Zone: microsoft.com\office
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Sonic RecordNow! - (no file)
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
AddRemove-HijackThis - c:\documents and settings\Erik\Local Settings\Temporary Internet Files\Content.IE5\HZRU0SXU\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-12 08:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2011-08-12 08:28:55
ComboFix-quarantined-files.txt 2011-08-12 12:28
.
Pre-Run: 765,370,368 bytes free
Post-Run: 1,417,498,624 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 152DFABF1939BC661465BA252B671CC3


Exehelper:

exeHelper by Raktor
Build 20100414
Run at 08:00:49 on 08/12/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

 

[Bobbye]

I don't think you're going to be able to do much of anything! You have no hard drive 'space' available:
C: is FIXED (NTFS) - 38 GiB total, 0.532 GiB free. You are suppose to have as close to 80% of the hard drive free as possible> You have 1%.

If you want to keep this system, you need to get an external hard drive.

This is virtually none. There is no space to install programs. Before doing much of anything, you need to go into Add/Remove Programs and uninstall everything that you no longer use or don't need.

How much RAM do you have installed?

 

[mmpotyq96]

I know, you are right about the hard disk issue. The computer is old but has run satisfactorily for quite a while with very limited space and the occasional use of an external (mostly for backup).

I've taken this whole situation as a sign that my family is right and it's time to replace the old machine. I'm writing this post on the new computer, so thank you for the help you've given.

 

[Bobbye]

Congratulations on the new computer! Thank you for the update. I'm leaving you with some tips to help keep the new system clean:

Tips for added security and safer browsing: (Links are in Bold Blue)

1. Browser Security
   [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
   [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
   [o] Replace the Host Files
   [o] Google Toolbar Pop Up Blocker
   [o]Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
   
2. Have layered Security:
   [o]Antivirus :(only one):Both of the following programs are free and known to be good:
   [o]Avira-AntiVir-Personal-Free-Antivirus
   [o] [o]Avast-Free Antivirus
   [o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
   [o]Comodo
   [o]Zone Alarm
   
3. Antimalware: I recommend all of the following:
   [o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
   [o]Spybot Search & Destroy
   
4. Updates: Stay current:
   [o] the Microsoft Download Sitefrequently. All updates marked Critical and the current SP updates.
   [o]Adobe Reader Install current, uninstall old.
   [o]Java Updates Install current, uninstall old.
   
5. Tracking Cookies
   Reset Cookie:
   [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
   [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
   I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
   AdBlock Plus
   Easy List
   [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
   
6. Do regular Maintenance
   Clean the temporary internet files often:
   [o] Temporary File Cleaner
   [o] ATF Cleaner by Atribune
7. Restore Points:
   [o]See System Restore Guide
8. Safe Email Handling
   [o] Don't open email from anyone you don't know.
   [o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
   [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.

Please let me know if you find any bad link.