IE problem with site redirection, but not startup page

[ake21030]

Hi. I'm trying to fix a friend's computer. The issue is that whenever you launch IE, you can move around a bit on your own, but then you start getting other windows launching for other sites. The usual first one is for hollywood.com. I had the additional problem of the task manager not displaying correctly for one of the users of the system, but would display for others. Under advice from the net, I deleted that profile and created another one. While that cleared up the problem for task manager, now when I click on "My documents" there are no folders for photos, music, etc. Belatedly, I checked the "Default User" under docs and settings only to find there wasn't one. Yikes! Anyway, my main concern right now is the malware. Although that profile is for the my friend, the main user of the system, just fyi.

The first thing I did was install McAfee and then I downloaded AdwareAlert, thinking it was Ad Aware from Lavasoft. It wasn't. (I think I've gotten rid of all traces of it, but perhaps not. Either way, the primary problem still exists.) Then, I downloaded Ad Aware 2007 from lavasoft. Problem still exists. I deleted all the temp folders, temp internet files, and history folders for all users under local settings, along with all the cookies. Now that I've thoroughly hosed things up (i.e. the problem is still there) I decided to see what I could find on the net. Occassionally I would get an error message from IE stating a page could not be loaded. The website is res://C:\WINDOWS\system32\shdoclc.dll/navcancl.htm. I found some hits on that site, so I followed the removal instructions, but I still have the problem with IE. Since the removal instructions included running HJT, here's the latest log. If it matters, the machine is a Dell.

Can anyone help or give me some advice on how to proceed from this point. I'm not really looking forward to reinstalling the OS, but that my next course of action unless one of you can help dig my ***** out of the fire of my own creating!

Thanks!
Julie

HJT log

 

[Rik]

You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.


This thread is for the use of ake21030 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[ake21030]

Thanks. Do I disable McAfee and AdAware while I do all of those steps?

 

[Rik]

Nope, just disable any active protection temporarily as per the instructions.



This thread is for the use of ake21030 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[ake21030]

I didn't check any boxes on HJT because the instructions didn't say to do that.

The rootkit scan didn't find anything.

OK. I feel stupid. When I click on either the "paperclip" or "manage attachments", I just get an "error on page" message in the lower left corner of IE. Any advice on how to attach the files?

I went back in and "edited" the message, so maybe they are attached. We'll see!!

aha! success in uploading!

I await whatever wisdom you bestow! I will say, that I've had IE open now for several minutes and have not gotten the "hollywood.com" webpage yet, so maybe my problem is fixed.

If so, that would bring me to the empty folders on the start menu for the newly created account, which happens to be the main user log on. In particlar, there are no programs listed under "accessories-->accessibility" or "accessories-->entertainment" or under games. Any idea on how to restore those? I don't want to go back to a restore point if the buggies are all gone now!

Thanks SOOOOOO much for your help!
Julie

 

[Rik]

Your HJT log looks clean.

Fixing the other problem shouldnt be too difficult depending on how computer savvy you are. You should be able to go into "documents and settings", "all users" then copy and paste the chortcuts into the empty directories.


This thread is for the use of ake21030 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[howard_hopkinso]

Hello and welcome to Techspot.

All items in your AVG Antispyware log say "No Action Taken". That`s because you haven`t told AVG Antispyware to quarantine it`s results as per the instructions. See this pictorial guide.

It also appears you`re running two antivirus programmes, Mcafee and AVG. This is not recommended, will slow your system down and can cause serious conflicts. I recommend you uninstall one antivirus programme.

1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh AVG Antispyware and Combofix log.

Regards Howard :wave: :wave:

This thread is for the use of ake21030 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[ake21030]

I think it's weird that the AVG log says "No action taken." I specifically followed the directions and chose "Quarantine". It was very difficult to do because I was in Safe Mode and the AVG window was centered on my screen, with no way to scroll up, down, left or right. I was thankful that the choice was visible on my screen.

I will however, follow these new instructions as well and post the results. I seem to prefer the AVG software, can you tell me how to UNINSTALL McAfee? I can't find anything that says uninstall, only Security Center.

Thanks!!
Julie

 

[howard_hopkinso]

Take a look HERE for McAfee uninstallation instructions.

Regards Howard

 

[Rik]

You should be able to scroll around in safe mode with the arrow keys on your keyboard.

 

[ake21030]

Post Avenger stuff

First, almost as soon as I posted I remembered add/remove programs from the control panel. Duh! It removed McAfee without problems.

Second, I figured out why the log showed "no action taken" and it was because the choices after the report finishes isn't just to "save report" which is what I chose, it also has the "take action" button, which I did NOT initially press. Now that I figured out how NOT to do it, I think I was successful this time around!

At anyrate, here are the logs. I ran a HJT at the very end, just for kicks and I've attached it as well as the ones you requested.

I can easily copy the All Users to Default Users and then to the individual profiles I need. I just wasn't sure if that would actually work or screw things up more.

Thanks!
Julie

 

[howard_hopkinso]

Delete all files in AVG Antispyware quarantine.

Your log files are clean.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

Download and install one of the free firewall programmes below.

Zonealarm Kerio or Comodo free firewall programmes.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of ake21030 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[ake21030]

Great!!! Thanks so much for all your help. I really appreciate the quick responses.

Julie