
Thread: yahoo and google redirect help needed

  1. #1
    Member
    Join Date
    May 2008
    Posts
    67

    yahoo and google redirect help needed

    Thanks for the help, repeat customer.




    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.13
    Run by Dan at 6:07:29 on 2011-10-21
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.414 [GMT -4:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Norton antivirus\vptray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Hot Keyboard Pro1\HotKeyb.exe
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Norton antivirus\defwatch.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Citrix\GoToMyPC\g2svc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Citrix\GoToMyPC\g2comm.exe
    C:\Program Files\CoCreate\MEls\MEls32.exe
    C:\Program Files\Citrix\GoToMyPC\g2pre.exe
    C:\Program Files\Citrix\GoToMyPC\g2tray.exe
    c:\program files\oem\msaspgh\msaspghost.exe
    C:\Program Files\Norton antivirus\rtvscan.exe
    C:\Program Files\CoCreate\OSDM_Server_2006\SDserver.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\internet explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.dynotunenitrous.com/store/Scripts/default.asp
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\ws_ftp pro\wsbho2k0.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [Hot Keyboard] c:\program files\hot keyboard pro1\HotKeyb.exe -minimized
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [EPSON Stylus CX7800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /O6 "USB002" /M "Stylus CX7800"
    mRun: [GoToMyPC] c:\program files\citrix\gotomypc\g2svc.exe -logon
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [vptray] c:\program files\norton antivirus\vptray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\dan\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    IE: Assign &hot key - c:\program files\hot keyboard pro1\IEScript.htm
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1297737672125
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{5130D4FD-3D68-4F6E-B691-0FCC52C9AC78} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{BEAC1E04-F613-40AA-B8BD-9A892AAA96F2} : DhcpNameServer = 192.168.1.2
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 CXAVSAUD;AOpen VA2000 Audio Capture;c:\windows\system32\drivers\cxavsaud.sys [2005-8-17 9856]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-20 366152]
    R2 MEls;MEls;c:\program files\cocreate\mels\MEls32.exe [2006-3-1 6410240]
    R2 MSASPGHost;MSAS Plugin Host Service;c:\program files\oem\msaspgh\MSASPGHost.exe [2004-9-9 49152]
    R2 NAVAPEL;NAVAPEL;c:\program files\norton antivirus\Navapel.sys [2001-12-4 8464]
    R2 Norton AntiVirus Server;Norton AntiVirus Client;c:\program files\norton antivirus\rtvscan.exe [2001-12-5 471040]
    R2 SDserver2006;SDserver2006;c:\program files\cocreate\osdm_server_2006\SDserver.exe [2006-10-18 102400]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-20 22216]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2005-7-26 14336]
    S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2010-1-6 14592]
    .
    =============== File Associations ===============
    .
    .scr=AutoCADLTScript
    .
    =============== Created Last 30 ================
    .
    2011-10-21 01:15:42 -------- d-----w- c:\documents and settings\dan\application data\Malwarebytes
    2011-10-21 01:15:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-10-21 01:15:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-21 01:15:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-20 23:20:29 98816 ----a-w- c:\windows\sed.exe
    2011-10-20 23:20:29 518144 ----a-w- c:\windows\SWREG.exe
    2011-10-20 23:20:29 256000 ----a-w- c:\windows\PEV.exe
    2011-10-20 23:20:29 208896 ----a-w- c:\windows\MBR.exe
    2011-10-20 23:20:19 -------- d-----w- C:\ComboFix
    2011-10-20 11:06:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-20 03:21:47 69120 --sha-r- c:\windows\system32\kbdgr0.dll
    2011-10-02 21:48:08 -------- d-----w- c:\windows\system32\Silabs
    2011-10-02 21:48:06 -------- d-----w- c:\program files\EasyLog USB
    2011-09-28 01:42:01 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
    2011-09-28 01:42:01 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
    2011-09-28 01:19:57 -------- d-----w- c:\program files\Lascar
    2011-09-25 02:41:09 -------- d--h--w- c:\windows\PIF
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 6:08:13.01 ===============






    -------------------------------------------------------------------------

    Attach:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/17/2005 11:16:09 AM
    System Uptime: 10/20/2011 8:27:53 PM (10 hours ago)
    .
    Motherboard: AOpen | | UX945G
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz | | 2800/mhz
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz | | 2800/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 230 GiB total, 179.97 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9
    AOpen VA2000 WDM Drivers
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression 5
    ATI Display Driver
    AutoCAD LT 97
    CircuitMaker 6 Student
    CoCreate License Server 14.0.1
    CoCreate OneSpace Designer Library3D 2006
    CoCreate OneSpace Designer Modeling 2006
    CoCreate OneSpace Designer Modeling Server 2006
    CoCreate OneSpace Modeling Personal Edition
    CoCreate OneSpace.net Application Manager
    CoCreate OneSpace.net Runtime Environment
    CorelDRAW Graphics Suite 12
    DWGeditor
    EasyLog USB
    eDrawings 2006
    eMachineShop
    EPSON CX 7800 Guide
    EPSON Printer Software
    EPSON Scan
    ERUNT 1.1j
    FTDI USB Serial Converter Drivers
    getPlus(R) for Adobe
    Google Earth
    GoToMyPC
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hot Keyboard Pro 2.8
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    InterActual Player
    Ipswitch WS_FTP Pro
    iTunes
    J2SE Runtime Environment 5.0 Update 11
    Java(TM) 6 Update 11
    KPT(R) Collection
    LiveUpdate 1.7 (Symantec Corporation)
    Lotus SmartSuite - English
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.0 Hotfix (KB887998)
    Microsoft .NET Framework 1.0 Hotfix (KB930494)
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office FrontPage 2003
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    MSASPGH
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Nero Suite
    Netscape (7.2)
    Nikon Message Center
    Norton AntiVirus Corporate Edition
    OpenOffice.org Installer 1.0
    Panel Pilot
    PictureProject
    Power Commander 3 USB
    Power Commander Control Center 3.2.0 (Test Build 1)
    PowerDVD
    PSIM-in-DOSBox ver: 1.2
    PTC ProductView Express - Wildfire 2.0 (F000)
    QuickBooks Basic 2002
    Quicken 2006
    QuickTime
    Realtek High Definition Audio Driver
    S800
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    SolidWorks 2006 Personal Edition
    Spybot - Search & Destroy
    TFI CODER v1.6
    Turbo Lister
    Two Stroke Engine Expansion Chamber Design Utility
    Ulead PhotoImpact 4.0
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
    WebFldrs XP
    Windows Driver Package - Lascar Electronics Ltd. (usbser) Ports (01/02/2010 1.0.0.0)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891220
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB892627
    Windows XP Hotfix - KB893056
    Windows XP Media Center Edition 2005 KB888316
    Windows XP Media Center Edition 2005 KB890629
    Windows XP Media Center Edition 2005 KB890760
    Windows XP Media Center Edition 2005 KB895678
    Windows XP Media Center Edition 2005 KB973768
    WinZip
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/20/2011 8:17:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    10/20/2011 8:12:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    10/20/2011 8:11:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    10/20/2011 8:08:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
    10/20/2011 7:06:30 AM, error: PlugPlayManager [11] - The device Root\LEGACY_NAVEX15\0000 disappeared from the system without first being prepared for removal.
    10/20/2011 7:06:30 AM, error: NAVAP [20] - Unable to initialize the virus scanning engine database files.
    .
    ==== End Of File ===========================

  2. #2
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi and Welcome!! My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method (Recommended: Immediate Notification).
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.


    IMPORTANT NOTE : Please do not delete anything unless instructed to.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
    Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


    Vista and Windows 7 users:
    These tools MUST be run from the executable (.exe) every time you run them
    with Admin Rights (Right click, choose "Run as Administrator")


    Stay with this topic until I give you the all clean post.
    ----------

    GMER


    Download GMER Rootkit Scanner from here or here.
    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and attach it in your reply.


    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
    ----------

    I see that you have run ComboFix on this system before? When was the last time you ran that tool? If you have the log for that still could you post that please? It would be found here >> C:\ComboFix.txt

    In your next reply please post the log created by GMER and let me know what symptoms your system is having that is making you think you have some type of infection?

  3. #3
    Member
    Join Date
    May 2008
    Posts
    67


    Thanks Jeff for the help. I could not find the combofix log... Don't think I saved it, said nothing was found??

    Used combofix a few days ago... Sorry, ran GMER with my antivirus and tea timer on; if that's an issue let me know, I will remember next time!

    I am having a re-direct in Google and Yahoo when I search for something, then click on the link. If I type in the addy or link direct it works fine. Other than that the computer seems to be working fine. It redirects to some page like super yellow pages etc...


    Gmer log
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-10-21 18:22:51
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250823AS rev.3.03
    Running: gmer.exe; Driver: C:\DOCUME~1\Dan\LOCALS~1\Temp\fflcapog.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6DF3000, 0x1894F8, 0xE8000020]
    ? C:\DOCUME~1\Dan\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\internet explorer\iexplore.exe[5292] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[5292] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E35203E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[5292] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E351FBF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[5292] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E352003 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[5292] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E351F4B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[5292] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E351F85 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[5292] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E352079 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[5292] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E20176A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[5292] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E35223B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

    Device \FileSystem\Fastfat \Fat 96510C8A

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 PE file @ sector 488392065

    ---- EOF - GMER 1.0.15 ----




    --------------------------------------------------------------------------

  4. #4
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi lt1bird,

    If you still have the ComboFix icon on your Desktop please delete it then follow these instructions...

    Please read through these instructions to familiarize yourself with what to expect when this tool runs.

    Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ----------

  5. #5
    Member
    Join Date
    May 2008
    Posts
    67

    Default

    ComboFix 11-10-19.06 - Dan 10/21/2011 22:55:30.6.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.377 [GMT -4:00]
    Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\gotomon.log
    c:\windows\system32\Thumbs.db
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-22 to 2011-10-22 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-21 01:15 . 2011-10-21 01:15 -------- d-----w- c:\documents and settings\Dan\Application Data\Malwarebytes
    2011-10-21 01:15 . 2011-10-21 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-10-21 01:15 . 2011-10-21 01:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-21 01:15 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-20 11:06 . 2011-10-20 11:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-20 03:21 . 2011-10-20 03:21 69120 --sha-r- c:\windows\system32\kbdgr0.dll
    2011-10-02 21:48 . 2011-10-02 21:49 -------- d-----w- c:\windows\system32\Silabs
    2011-10-02 21:48 . 2011-10-02 21:48 -------- d-----w- c:\program files\EasyLog USB
    2011-09-28 01:42 . 2004-08-04 03:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
    2011-09-28 01:42 . 2004-08-04 03:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
    2011-09-28 01:20 . 2011-09-28 01:20 -------- d-----w- c:\program files\DIFX
    2011-09-28 01:19 . 2011-09-28 01:19 -------- d-----w- c:\program files\Lascar
    2011-09-25 02:41 . 2011-09-25 02:41 -------- d--h--w- c:\windows\PIF
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-10-20_23.31.53 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-10-22 03:05 . 2011-10-22 03:05 16384 c:\windows\Temp\Perflib_Perfdata_1dc.dat
    + 2011-10-22 03:05 . 2011-10-22 03:05 1536 c:\windows\Temp\LogMesg.dll
    - 2011-10-20 23:31 . 2011-10-20 23:31 1536 c:\windows\Temp\LogMesg.dll
    + 2011-10-22 03:06 . 2011-10-22 03:06 708608 c:\windows\ERDNT\AutoBackup\10-21-2011\Users\00000002\UsrClass.dat
    + 2011-10-22 03:06 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\10-21-2011\ERDNT.EXE
    + 2011-10-21 00:35 . 2011-10-21 00:35 708608 c:\windows\ERDNT\10-20-2011\Users\00000002\UsrClass.dat
    + 2011-10-21 00:35 . 2005-10-20 16:02 163328 c:\windows\ERDNT\10-20-2011\ERDNT.EXE
    + 2011-10-22 03:06 . 2011-10-22 03:06 9756672 c:\windows\ERDNT\AutoBackup\10-21-2011\Users\00000001\ntuser.dat
    + 2011-10-21 00:35 . 2011-10-21 00:35 9756672 c:\windows\ERDNT\10-20-2011\Users\00000001\ntuser.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Hot Keyboard"="c:\program files\Hot Keyboard Pro1\HotKeyb.exe" [2006-03-23 612056]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EPSON Stylus CX7800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]
    "GoToMyPC"="c:\program files\Citrix\GoToMyPC\g2svc.exe" [2007-01-12 249904]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "vptray"="c:\program files\Norton antivirus\vptray.exe" [2001-12-05 73728]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    c:\documents and settings\Dan\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "cdloader"="c:\documents and settings\Dan\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
    "Ulead Update"=rundll32 "c:\documents and settings\Dan\Local Settings\Application Data\ApplicationHistory\ApplicationHistoryUpdate\ApplicationHistoryupdt32.dll",DllRegisterServer
    "AppleManagerUpdate"=rundll32.exe "c:\documents and settings\All Users\Application Data\AppleManagerUpdate.dll",DllRegisterServer
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "nwiz"=nwiz.exe /install
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
    "RTHDCPL"=RTHDCPL.EXE
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "USSShReg"=c:\progra~1\ULEADS~1\ULEADP~1\SSaver\Ussshreg.exe /r
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    "ehTray"=c:\windows\ehome\ehtray.exe
    "High Definition Audio Property Page Shortcut"=HDAShCut.exe
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe"
    "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
    "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "vptray"=c:\program files\Norton antivirus\vptray.exe
    "ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    "SoundMan"=SOUNDMAN.EXE
    "iTunesHelper"=c:\program files\iTunes\iTunesHelper.exe
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "AlcWzrd"=ALCWZRD.EXE
    "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\Dan\\Application Data\\mjusbsp\\magicJack.exe"=
    "c:\\Program Files\\WS_FTP Pro\\wsftppro.exe"=
    .
    R1 CXAVSAUD;AOpen VA2000 Audio Capture;c:\windows\system32\drivers\cxavsaud.sys [8/17/2005 7:53 PM 9856]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/20/2011 9:15 PM 366152]
    R2 MEls;MEls;c:\program files\CoCreate\MEls\MEls32.exe [3/1/2006 3:26 PM 6410240]
    R2 MSASPGHost;MSAS Plugin Host Service;c:\program files\OEM\MSASPGH\MSASPGHost.exe [9/9/2004 6:43 PM 49152]
    R2 SDserver2006;SDserver2006;c:\program files\CoCreate\OSDM_Server_2006\SDserver.exe [10/18/2006 7:21 PM 102400]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/20/2011 9:15 PM 22216]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [7/26/2005 6:00 PM 14336]
    S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [1/6/2010 4:00 PM 14592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.dynotunenitrous.com/store/Scripts/default.asp
    IE: Assign &hot key - c:\program files\Hot Keyboard Pro1\IEScript.htm
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    .
    ------- File Associations -------
    .
    .scr=AutoCADLTScript
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{113ED6EE-EE5F-432C-B0C5-2B643B7B54Ce} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-21 23:06
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(6616)
    c:\windows\system32\WININET.dll
    c:\program files\Hot Keyboard Pro1\hkhook21.dll
    c:\windows\system32\ieframe.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Norton antivirus\defwatch.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Citrix\GoToMyPC\g2comm.exe
    c:\program files\Citrix\GoToMyPC\g2pre.exe
    c:\program files\Citrix\GoToMyPC\g2tray.exe
    c:\program files\Norton antivirus\rtvscan.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\MsgSys.EXE
    c:\windows\eHome\ehmsas.exe
    .
    **************************************************************************
    .
    Completion time: 2011-10-21 23:09:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-10-22 03:09
    ComboFix2.txt 2011-10-20 23:37
    ComboFix3.txt 2009-02-02 23:29
    .
    Pre-Run: 193,134,735,360 bytes free
    Post-Run: 193,105,866,752 bytes free
    .
    - - End Of File - - F43A81060C9A30A575438A66CC2EB1D3

  6. #6
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi lt1bird,

    I see that you have Malwarebytes on your system already. Please open that program, update it and then run a Quick Scan. Save the log created to your Desktop so you can post it into your next reply.
    ----------

    ESET Online Scanner
    I'd like us to scan your machine with ESET Online Scan

    Note: It is recommended to disable on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



    As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
    • Do not use this instance of your browser for anything besides doing this scan
    • When the scan is complete and the results saved, close that instance of your browser
    • Open a new one the usual way and post the results in this topic.



    1. Right-click and Run as Administrator on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the Start button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the Back button.
    14. Push Finish

    http://www.eset.com/onlinescan/
    ----------

    In your next reply please post the logs created by Malwarebytes and ESET online scanner.

  7. #7
    Member
    Join Date
    May 2008
    Posts
    67

    Default

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7999

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 7.0.5730.13

    10/22/2011 10:45:38 AM
    mbam-log-2011-10-22 (10-45-38).txt

    Scan type: Quick scan
    Objects scanned: 180762
    Time elapsed: 3 minute(s), 58 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    ---------------------------------------------------------------------

    ESET SCAN

    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\AppleManagerUpdate.dll.vir Win32/TrojanDownloader.Tracur.I trojan
    C:\Qoobox\Quarantine\C\Documents and Settings\Dan\Local Settings\Application Data\ServiceWOW64.dll.vir a variant of Win32/Kryptik.UHI trojan
    C:\Qoobox\Quarantine\C\Documents and Settings\Dan\Local Settings\Application Data\ApplicationHistory\ApplicationHistoryUpdate\ApplicationHistoryupdt32.dll.vir a variant of Win32/Kryptik.UHI trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\mdhcp32.dll.vir probably a variant of Win32/Lukicsel.T trojan

  8. #8
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi lt1bird,


    You have an older version of Adobe Reader. You can download the current version HERE

    You may want to consider Foxit Reader instead. It may be a bit lighter on resources.

    Visit their support forum
    Foxit Forum

    In either case you should uninstall Adobe Reader 9 first. Be sure to move any PDF documents to another folder first though.
    ----------

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista), pick the language of your choice and click Select. Then
      click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista) again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest
      Java Runtime Environment (JRE) version for your computer.

    ----------

    I notice that you are running Windows XP service pack 2. The most recent version is service pack 3. You should press Start > All Programs > Windows Update to download all necessary updates.

    Let me know if you have any problems with any of these steps.
    How is your system running now?

  9. #9
    Member
    Join Date
    May 2008
    Posts
    67

    Default

    Seems to not be redirecting any more....
    When I try and update to Service Pack 3 it does not work
    "Windows XP Service Pack 3 (KB936929)" failed
    I've tried to update before but for some reason it fails during updates. Wonder if I should update to the newer windows?

  10. #10
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi lt1bird,

    Seems to not be redirecting any more....


    Download Windows XP Service Pack 3 from here. Once you get that downloaded go ahead and install it. Let me know how that works for you.
