Spyware/malware redirecting websites

July 13, 2009 at 11:53:35
Specs: Windows XP
I have an issue with my search engines redirecting to other sites or not finding sites at all when searching with Google. I did just remove a nasty spyware that hijacked my desktop, called System Security 2009, but since I removed it with Spybot, I am having this redirecting problem as well as not being able to burn CDs on my DVD drive. Any help would be appreciated.



#1
July 13, 2009 at 12:52:32
Follow:

1) Install Malwarebytes' Anti-Malware, update its database and run a full scan. Attach the Malwarebytes full scan log, and fix anything detected.

2) Run a full scan with SUPERAntiSpyware: http://www.superantispyware.com/dow... Fix what it detects and post the summary scan log.

If I'm helping you and I don't reply within 24 hours send me a PM.



#2
July 13, 2009 at 16:38:58
Malwarebytes' Anti-Malware 1.39
Database version: 2422
Windows 5.1.2600 Service Pack 3

7/13/2009 7:33:45 PM
mbam-log-2009-07-13 (19-33-35).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 230139
Time elapsed: 2 hour(s), 29 minute(s), 14 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 13
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 77

Memory Processes Infected:
C:\WINDOWS\SMINST\recguard.exe (Trojan.Dropper) -> No action taken.
C:\hp\KBD\kbd.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\system\hpsysdrv.exe (Trojan.Dropper) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\11412344 (Trojan.FakeAlert.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hpsysdrv (Trojan.FakeAlert.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\recguard (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kbd (Trojan.Dropper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spybotsd teatimer (Trojan.Dropper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\swg (Trojan.Dropper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nah_Shell (Trojan.Dropper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weather (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hp software update (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft winupdate (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\11412344 (Trojan.Dropper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nah_Shell (Trojan.Hanam) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\System Security (Rogue.SystemSecurity) -> No action taken.

Files Infected:




#3
July 13, 2009 at 16:40:11
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/13/2009 at 07:01 PM

Application Version : 4.26.1006

Core Rules Database Version : 3991
Trace Rules Database Version: 1931

Scan type : Complete Scan
Total Scan Time : 02:14:55

Memory items scanned : 556
Memory threats detected : 3
Registry items scanned : 5678
Registry threats detected : 14
File items scanned : 30854
File threats detected : 160

Trojan.Agent/Gen

Trojan.Unclassified/MSUPDTE-Fake
[Microsoft WinUpdate] C:\WINDOWS\SYSTEM32\MSUPDTE.EXE
C:\WINDOWS\SYSTEM32\MSUPDTE.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#Microsoft WinUpdate [ C:\WINDOWS\system32\msupdte.exe ]

Rogue.Agent/Gen
[11412344] C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\11412344\11412344.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\11412344\11412344.EXE
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN#11412344
C:\Documents and Settings\All Users\Application Data\11412344

Adware.Tracking Cookie

Trojan.Unknown Origin
HKU\s-1-5-21-1548575903-1935298038-543906495-1007\Software\Microsoft\Windows\CurrentVersion\Run#nah_Shell [ C:\Documents and Settings\Compaq_Administrator\nah_xyhv.exe ]

Trojan.Agent/Gen-NameThief[Smart]
C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\COMPAQ_ADMINISTRATOR.EXE



#4
July 13, 2009 at 16:43:06
Run both scans again and fix what they detect.

If I'm helping you and I don't reply within 24 hours send me a PM.



#5
July 13, 2009 at 20:15:26
I have run both scans again and removed items that were detected.


#6
July 13, 2009 at 20:45:22
Run a full scan with http://www.eset.com/onlinescan/
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to be installed.
4. Click Start
5. Check the options below:

    * Remove found threats
    * Scan archives
    * Scan for potentially unwanted applications (Advanced Settings).
    * Enable Anti-Stealth technology (Advanced Settings).

6. Click Scan
7. Wait for the scan to finish
8. When it finishes it will create a log file here: C:\Program Files\ESET\ESET Online Scanner\log.txt
9. Attach this logfile to your next message.

Illustrated tutorial: http://img155.imageshack.us/img155/...

If I'm helping you and I don't reply within 24 hours send me a PM.



#7
July 13, 2009 at 22:55:13
# version=6
# iexplore.exe=7.00.6000.16850 (vista_gdr.090423-0018)
# OnlineScanner.ocx=1.0.0.5886
# api_version=3.0.2
# EOSSerial=231d2cabad6d6741846e59b2d763c2c0
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-07-14 05:47:18
# local_time=2009-07-14 01:47:18 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1027 21 83 60 3150220776750
# scanned=113475
# found=3
# cleaned=3
# scan_time=4288
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent8.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Compaq_Administrator\nah_xyhv .exe a variant of Win32/Kryptik.XU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\hp\bin\wbug\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C


#8

#9
July 14, 2009 at 12:05:58
No, I am still having issues with redirection when I search for something or it does not display a web page when I click on different sites. As well, I still am having problems with my E drive being recognized. Do I have to reinstall my drivers?


#10
July 14, 2009 at 13:08:07
Note: I can help you remove malware manually. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. First Track this topic. Then follow:

1) Can you please post your AVZ log:
Note: Run AVZ in Windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again. Make sure you have your web browser open in the background before following the steps below.

i) To create the log file, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteAVUpdateEx( 'http://avz.virusinfo.info/avz_up/', 1, '','','');
ExecuteStdScr(3);
RebootWindows(true);
end.


Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.

Image Tutorial

2) Download and Run DDS which will create a Pseudo HJT Report as part of its log: DDS Tool Download Link. When done, DDS will open two (2) logs

   1. DDS.txt
   2. Attach.txt

Upload the logs to rapidshare.com and paste download link in your next reply.
Note: Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.

If I'm helping you and I don't reply within 24 hours send me a PM.

