Google links keep redirecting to other sites

March 6, 2010 at 11:05:41
Specs: Windows XP
Hi, whenever I search on Google, the links will sometimes direct me to other sites. Also, the searches run in Google Nederlands. I have no idea what to do. I've downloaded Superantispyware and AVAST antivirus, but it doesn't seem to fix Google for me. Thanks.




#1
March 6, 2010 at 13:15:15
Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save both reports to your desktop then post them please.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.




#2
March 6, 2010 at 13:43:32
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\vowiwiki.dll
IFEO: image file execution options - svchost.exe
IFEO: brastk.exe - svchost.exe
IFEO: msfwsvc.exe - svchost.exe
IFEO: MsMpEng.exe - svchost.exe
IFEO: OcHealthMon.exe - svchost.exe

Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-6 162512]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-6 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-6 40384]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-6 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-6 40384]
S3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [2007-6-19 9344]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [2002-9-9 17018]

=============== Created Last 30 ================

2010-03-06 17:22:09 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-06 17:21:56 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-06 17:21:56 0 d-----w- c:\docume~1\homeus~1\applic~1\SUPERAntiSpyware.com
2010-03-06 17:13:36 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-06 15:33:55 0 d-----w- c:\program files\VS Revo Group
2010-03-06 14:53:59 0 d-----w- c:\program files\Windows Installer Clean Up
2010-03-06 14:53:46 0 d-----w- c:\program files\MSECACHE
2010-03-06 01:12:54 0 d-----w- c:\windows\pss
2010-03-05 10:06:11 0 d-----w- c:\docume~1\homeus~1\applic~1\DriverCure
2010-03-05 10:06:05 0 d-----w- c:\program files\common files\ParetoLogic
2010-03-05 10:06:05 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2010-03-05 10:06:05 0 d-----w- c:\docume~1\alluse~1\applic~1\DriverCure
2010-03-04 13:31:22 3 ----a-w- c:\windows\system32\~msw1.tmp
2010-03-03 01:13:53 3 ----a-w- c:\windows\system32\~msw0.tmp
2010-02-28 14:36:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-02-23 21:10:59 44080 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-23 04:03:01 0 d-sh--w- c:\docume~1\alluse~1\applic~1\SAEQGV
2010-02-23 04:02:44 0 d-sh--w- c:\docume~1\alluse~1\applic~1\e2c9694
2010-02-15 23:50:20 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-02-15 23:50:20 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-02-10 03:07:40 0 d-----w- c:\docume~1\homeus~1\applic~1\Yandex
2010-02-09 04:17:19 5127 ----a-w- c:\windows\system32\ntconf32.vxd
2010-02-09 03:31:42 13858 ----a-w- c:\windows\system32\msconfig32.sys
2010-02-09 01:35:26 0 d-----w- c:\docume~1\homeus~1\applic~1\BitZipper
2010-02-09 01:35:22 0 d-----w- c:\program files\BitZipper
2010-02-09 01:33:03 0 d-----w- c:\docume~1\homeus~1\applic~1\WeatherBug

==================== Find3M ====================

2009-12-30 20:21:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 18:55:25 2180352 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:19:32 2057728 ----a-w- c:\windows\system32\ntkrnlpa.exe
2004-08-04 07:56:57 102400 --sh--r- c:\windows\system32\setup\MPClient.exe
2004-08-04 07:56:57 40960 --sh--r- c:\windows\system32\setup\MPSvc.exe
2004-08-04 07:56:57 40960 --sh--r- c:\windows\system32\setup\TableTextService.exe
2004-08-04 07:56:57 28672 --sh--r- c:\windows\system32\setup\zf32.dll

============= FINISH: 16:39:36.93 ===============
DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/8/2007 1:01:20 PM
System Uptime: 3/6/2010 12:37:38 PM (4 hours ago)

Motherboard: Intel Corporation | | D845EPT2
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | X1 | 2392/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 19 GiB total, 3.548 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 3/6/2010 2:01:29 PM - System Checkpoint

==== Image File Execution Options =============

IFEO: image file execution options - svchost.exe
IFEO: brastk.exe - svchost.exe
IFEO: msfwsvc.exe - svchost.exe
IFEO: MsMpEng.exe - svchost.exe
IFEO: OcHealthMon.exe - svchost.exe
IFEO: winss.exe - svchost.exe
IFEO: winssnotify.exe - svchost.exe
IFEO: WinSSUI.exe - svchost.exe

==== Hosts File Hijack ======================

Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Hosts: 74.125.45.100 secure-plus-payments.com
Hosts: 74.125.45.100 www.getantivirusplusnow.com
Hosts: 74.125.45.100 www.secure-plus-payments.com
Hosts: 74.125.45.100 www.getavplusnow.com
Hosts: 74.125.45.100 safebrowsing-cache.google.com
Hosts: 74.125.45.100 urs.microsoft.com
Hosts: 74.125.45.100 www.securesoftwarebill.com
Hosts: 74.125.45.100 secure.paysecuresystem.com
Hosts: 74.125.45.100 paysoftbillsolution.com
Hosts: 74.125.45.100 protected.maxisoftwaremart.com
Hosts: 94.228.209.244 www.google.com
Hosts: 94.228.209.244 google.com
Hosts: 94.228.209.244 google.com.au
Hosts: 94.228.209.244 www.google.com.au
Hosts: 94.228.209.244 google.be
Hosts: 94.228.209.244 www.google.be
Hosts: 94.228.209.244 google.com.br
Hosts: 94.228.209.244 www.google.com.br
Hosts: 94.228.209.244 google.ca
Hosts: 94.228.209.244 www.google.ca
Hosts: 94.228.209.244 google.ch
Hosts: 94.228.209.244 www.google.ch
Hosts: 94.228.209.244 google.de
Hosts: 94.228.209.244 www.google.de
Hosts: 94.228.209.244 google.dk
Hosts: 94.228.209.244 www.google.dk
Hosts: 94.228.209.244 google.fr
Hosts: 94.228.209.244 www.google.fr
Hosts: 94.228.209.244 google.ie
Hosts: 94.228.209.244 www.google.ie
Hosts: 94.228.209.244 google.it
Hosts: 94.228.209.244 www.google.it
Hosts: 94.228.209.244 google.co.jp
Hosts: 94.228.209.244 www.google.co.jp
Hosts: 94.228.209.244 google.nl
Hosts: 94.228.209.244 www.google.nl
Hosts: 94.228.209.244 google.no
Hosts: 94.228.209.244 www.google.no
Hosts: 94.228.209.244 google.co.nz
Hosts: 94.228.209.244 www.google.co.nz
Hosts: 94.228.209.244 google.pl
Hosts: 94.228.209.244 www.google.pl
Hosts: 94.228.209.244 google.se
Hosts: 94.228.209.244 www.google.se
Hosts: 94.228.209.244 google.co.uk
Hosts: 94.228.209.244 www.google.co.uk
Hosts: 94.228.209.244 google.co.za
Hosts: 94.228.209.244 www.google.co.za
Hosts: 94.228.209.244 www.google-analytics.com
Hosts: 94.228.209.244 www.bing.com
Hosts: 94.228.209.244 search.yahoo.com
Hosts: 94.228.209.244 www.search.yahoo.com
Hosts: 94.228.209.244 uk.search.yahoo.com
Hosts: 94.228.209.244 ca.search.yahoo.com
Hosts: 94.228.209.244 de.search.yahoo.com
Hosts: 94.228.209.244 fr.search.yahoo.com
Hosts: 94.228.209.244 au.search.yahoo.com

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Alt-Tab Task Switcher Powertoy for Windows XP
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
avast! Free Antivirus
BitZipper 2009
Bonjour
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell ResourceCD
DVD Decrypter (Remove Only)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Software Update
HP Update
hppIOFiles
iTunes
Java(TM) 6 Update 16
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NETGEAR XE102 Powerline Ethernet Adapter
QFolder
QuickTime
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Slideshow Generator Powertoy for Windows XP
SoundMAX
SUPERAntiSpyware Free Edition
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

3/5/2010 6:16:12 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

==== End Of File ===========================



#3
March 6, 2010 at 14:01:21
It may take several posts to get the results of the following scan to us; please send all of it.

Please download OTL from following site:

OTL by OldTimer

1. Save it to your desktop
2. Double click the OTL icon on your desktop
3. Close any open browsers.
4. Double-click on OTL.exe to start the program.

Under the Custom Scans/Fixes box at the bottom, paste in text between the X's
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:Commands
[resethosts]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Then click the Run Fix button at the top
Let the program run unhindered; when done it will say "Fix Complete press ok to open the log".
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




#4
March 6, 2010 at 14:44:14
Ok, so here is my Malwarebytes scan log from your first reply. Please don't post a reply until I complete your second reply. Thank you!
Malwarebytes' Anti-Malware 1.44
Database version: 3830
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

3/6/2010 5:39:47 PM
mbam-log-2010-03-06 (17-39-47).txt

Scan type: Quick Scan
Objects scanned: 113192
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinSSUI.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssnotify.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winss.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OcHealthMon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msfwsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\Program Files\Adobe\Reader 9.0\Reader\AdobeUpdater.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


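The DDS output in #2 and the MBAM log in #4 show four distinct hijacks: the HOSTS file mapping google.*, bing.com and search.yahoo.com to 94.228.209.244 (the redirects the original poster saw) and rogue-AV payment domains to 74.125.45.100; Image File Execution Options entries that make security tools (brastk.exe, MsMpEng.exe and so on) launch svchost.exe instead of themselves; an unknown DLL in the LSA Notification Packages list; and an extra executable chained onto the Winlogon Userinit value. The following script is an added example for this thread, not part of DDS, MBAM, OTL or ComboFix. It takes DDS-style `Hosts:` / `IFEO:` / `LSA:` lines (raw hosts-file lines are also accepted) and the Userinit value as MBAM prints it, and flags each pattern. The sample lines are constructed in the DDS format using the addresses reported above; the allowlists, the sinkhole threshold and the `C:\WINDOWS` system root are assumptions chosen for the example.

```python
"""Flag the HOSTS, IFEO, LSA and Userinit hijacks reported in the logs above.

Added example for this thread; it is not part of DDS, MBAM, OTL or ComboFix.
Input: DDS-style "Hosts:" / "IFEO:" / "LSA:" lines or raw hosts-file lines,
plus the Winlogon Userinit value as MBAM prints it. The allowlists and the
sinkhole threshold below are assumptions chosen for this example.
"""
import ipaddress
import re
from collections import defaultdict

# Second-level labels whose redirection explains "Google links go elsewhere".
WATCHED_LABELS = {"google", "google-analytics", "bing", "yahoo", "microsoft"}
# Debuggers that may legitimately sit under Image File Execution Options.
KNOWN_DEBUGGERS = {"ntsd.exe", "windbg.exe", "vsjitdebugger.exe", "drwtsn32.exe"}
# Assumption: scecli is the only LSA notification package on a stock XP box.
KNOWN_LSA_PACKAGES = {"scecli"}
# More names than this mapped to one non-local address looks like a sinkhole.
SINKHOLE_THRESHOLD = 5

HOSTS_RE = re.compile(r"^(?:Hosts:\s*)?(\S+)\s+(\S+)")
IFEO_RE = re.compile(r"^IFEO:\s*(.+?)\s+-\s+(\S+)$")
LSA_RE = re.compile(r"^LSA:\s*Notification Packages\s*=\s*(.+)$")


def _parse_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def audit_dds_lines(lines):
    """Return (kind, detail) findings for DDS-style or raw hosts-file lines."""
    findings = []
    names_by_ip = defaultdict(set)
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LSA_RE.match(line)
        if m:
            # Every package listed here is loaded into lsass.exe at boot.
            for pkg in m.group(1).split():
                if pkg.lower() not in KNOWN_LSA_PACKAGES:
                    findings.append(("lsa_package", pkg))
            continue
        m = IFEO_RE.match(line)
        if m:
            # "target - debugger": Windows starts the debugger instead of the
            # target, so pointing a security tool at svchost.exe disables it.
            target, debugger = m.groups()
            if debugger.lower() not in KNOWN_DEBUGGERS:
                findings.append(("ifeo_hijack", f"{target} -> {debugger}"))
            continue
        m = HOSTS_RE.match(line)
        if not m:
            continue
        ip = _parse_ip(m.group(1))
        if ip is None or ip.is_loopback or ip.is_unspecified:
            continue  # not a hosts line, or a normal localhost/blocklist entry
        host = m.group(2).lower()
        names_by_ip[str(ip)].add(host)
        if WATCHED_LABELS & set(host.split(".")):
            findings.append(("hosts_redirect", f"{host} -> {ip}"))
    for ip, names in names_by_ip.items():
        if len(names) > SINKHOLE_THRESHOLD:
            findings.append(("hosts_sinkhole", f"{len(names)} names -> {ip}"))
    return findings


def audit_userinit(value, system_root=r"C:\WINDOWS"):
    """Return every Userinit entry other than the genuine userinit.exe path."""
    expected = (system_root + r"\system32\userinit.exe").lower()
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != expected]


def summarize(findings):
    """Count findings per kind, e.g. {'ifeo_hijack': 2, ...}."""
    counts = {}
    for kind, _ in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


# Constructed sample in the DDS log format, using the addresses reported above.
SAMPLE_LINES = r"""
LSA: Notification Packages = scecli c:\windows\system32\vowiwiki.dll
IFEO: brastk.exe - svchost.exe
IFEO: MsMpEng.exe - svchost.exe
Hosts: 127.0.0.1 localhost
Hosts: 74.125.45.100 getantivirusplusnow.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 94.228.209.244 www.google.com
Hosts: 94.228.209.244 google.com
Hosts: 94.228.209.244 www.bing.com
Hosts: 94.228.209.244 search.yahoo.com
Hosts: 94.228.209.244 www.google.co.uk
94.228.209.244 www.google.de
0.0.0.0 ads.example.invalid
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-6 162512]
""".splitlines()

# Userinit value exactly as MBAM printed it in the log above.
SAMPLE_USERINIT = r"C:\WINDOWS\system32\userinit.exe,C:\Program Files\Adobe\Reader 9.0\Reader\AdobeUpdater.exe,"

if __name__ == "__main__":
    for kind, detail in audit_dds_lines(SAMPLE_LINES):
        print(f"{kind:15} {detail}")
    for extra in audit_userinit(SAMPLE_USERINIT):
        print(f"userinit_extra  {extra}")
```

Two points about the design. The label check is deliberately crude (it flags any name containing a `google`, `bing`, `yahoo` or `microsoft` label), so the three 74.125.45.100 payment domains in the sample produce no finding on their own; the per-address count is the second signal, and with the fifteen such entries the full DDS log lists they would cross the threshold. Userinit is compared as a full path rather than by file name, since a copied userinit.exe in another folder would otherwise pass.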

#5
March 6, 2010 at 15:00:14
I'm sorry, I don't think I understand. When I open OTL, there are no X's in the text box. I copied and pasted what you asked anyway, and it finishes in an instant. Here's what it says:

========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.1.34.0 log created on 03062010_175757

I know I'm not doing it correctly, since you said it would be a lot. Can you please instruct me again on how to use OTL?



#6
March 6, 2010 at 18:24:54
Go to Start > Control Panel > click the Java icon > Update tab > Update Now and allow Java to update. If you are prompted for any add-ons, uncheck the box and continue. The newest Java is version 6 update 18.

Remember, your Avast antivirus must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#7
March 6, 2010 at 19:50:56
Wow, it actually worked. Thank you so much, I really appreciate it. Keep up the good work!


#8
March 6, 2010 at 19:59:56
We need to see the Combofix log; there may be some files that were not removed. Newer versions of these types of infections morph and create files undetectable as a baddie, but they often show up in Combofix logs.


#9
March 6, 2010 at 20:13:42
ComboFix 10-03-06.04 - Home User 03/06/2010 22:21:52.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.452 [GMT -5:00]
Running from: c:\documents and settings\Home User\Desktop\Combo-Fix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Home User\Local Settings\Application Data\{A38A3612-DA47-4BCC-8AAD-CD3C41F3EBFD}
c:\documents and settings\Home User\Local Settings\Application Data\{A38A3612-DA47-4BCC-8AAD-CD3C41F3EBFD}\chrome.manifest
c:\documents and settings\Home User\Local Settings\Application Data\{A38A3612-DA47-4BCC-8AAD-CD3C41F3EBFD}\chrome\content\_cfg.js
c:\documents and settings\Home User\Local Settings\Application Data\{A38A3612-DA47-4BCC-8AAD-CD3C41F3EBFD}\chrome\content\c.js
c:\documents and settings\Home User\Local Settings\Application Data\{A38A3612-DA47-4BCC-8AAD-CD3C41F3EBFD}\chrome\content\overlay.xul
c:\documents and settings\Home User\Local Settings\Application Data\{A38A3612-DA47-4BCC-8AAD-CD3C41F3EBFD}\install.rdf
c:\windows\arusokup.dll
c:\windows\avozewuj.dll
c:\windows\ayuledunu.dll
c:\windows\ebowupomukimu.dll
c:\windows\ecorexowexuluqiz.dll
c:\windows\edoraxon.dll
c:\windows\efudikugomuk.dll
c:\windows\ehexukowomaquden.dll
c:\windows\ekamikuxiyay.dll
c:\windows\emivaxitigokid.dll
c:\windows\equsupahoge.dll
c:\windows\erobuxidetayol.dll
c:\windows\genrabdr.dll
c:\windows\idacirojik.dll
c:\windows\igumipoberebe.dll
c:\windows\ihaduxotoy.dll
c:\windows\ilawokojegigudud.dll
c:\windows\ilijepur.dll
c:\windows\imipodov.dll
c:\windows\ipicosp.dll
c:\windows\ipucuxiqivoqulic.dll
c:\windows\isuredoxirakipe.dll
c:\windows\iwegukop.dll
c:\windows\obahepalamu.dll
c:\windows\obexixoyenevud.dll
c:\windows\oduhapuvebu.dll
c:\windows\ohibezaxe.dll
c:\windows\ohotudiwoniqi.dll
c:\windows\okaboduyeviwepa.dll
c:\windows\osapixohay.dll
c:\windows\osidovujepope.dll
c:\windows\ovemudutibofe.dll
c:\windows\ozuwiviyiyimevo.dll
c:\windows\system32\atiyemeg.ini
c:\windows\system32\azizamok.ini
c:\windows\system32\ifegayiy.ini
c:\windows\system32\ilihojob.ini
c:\windows\system32\mscommon.inf
c:\windows\system32\msconfig32.sys
c:\windows\system32\uvejiden.ini
c:\windows\UA000106.DLL
c:\windows\ucemevocogi.dll
c:\windows\ucitivolubu.dll
c:\windows\ugitoxicedoj.dll
c:\windows\ugizidiji.dll
c:\windows\uhojoqoz.dll
c:\windows\ukumakuladoleq.dll
c:\windows\umupovilometape.dll
c:\windows\upecovof.dll
c:\windows\uvazurowov.dll
c:\windows\uxidadodexa.dll
c:\windows\uyehejonuquc.dll
c:\windows\wskbla.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.

2010-03-07 03:09 . 2010-03-07 03:10 152576 ----a-w- c:\documents and settings\Home User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-07 03:09 . 2010-03-07 03:10 79488 ----a-w- c:\documents and settings\Home User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-06 22:54 . 2010-03-06 22:54 -------- dc----w- C:\_OTL
2010-03-06 21:47 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-06 21:47 . 2010-03-06 21:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-06 21:47 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-06 17:22 . 2010-03-06 17:22 52224 ----a-w- c:\documents and settings\Home User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-06 17:22 . 2010-03-06 17:22 117760 ----a-w- c:\documents and settings\Home User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-06 17:22 . 2010-03-06 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-06 17:21 . 2010-03-06 17:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-06 17:21 . 2010-03-06 17:21 -------- d-----w- c:\documents and settings\Home User\Application Data\SUPERAntiSpyware.com
2010-03-06 17:20 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-06 17:20 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-06 17:20 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-06 17:20 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-06 17:20 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-06 17:20 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-06 17:20 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-06 17:18 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-06 17:18 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-06 17:13 . 2010-03-06 17:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-06 15:33 . 2010-03-06 15:33 -------- d-----w- c:\program files\VS Revo Group
2010-03-06 15:33 . 2010-03-06 15:33 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Microsoft Help
2010-03-06 14:53 . 2010-03-06 15:26 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-03-06 14:53 . 2010-03-06 14:53 -------- d-----w- c:\program files\MSECACHE
2010-03-05 19:43 . 2010-03-06 15:33 -------- d-----w- c:\program files\QuickTime
2010-03-05 10:06 . 2010-03-05 10:06 -------- d-----w- c:\documents and settings\Home User\Application Data\DriverCure
2010-03-05 10:06 . 2010-03-05 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-03-05 10:06 . 2010-03-05 10:06 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-03-05 10:06 . 2010-03-05 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-03-05 03:07 . 2010-03-06 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-28 14:36 . 2010-02-28 14:36 -------- d-----w- c:\program files\Alwil Software
2010-02-28 14:36 . 2010-02-28 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-23 21:10 . 2010-02-23 21:10 44080 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-23 04:03 . 2010-02-23 04:03 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SAEQGV
2010-02-23 04:02 . 2010-03-02 19:48 -------- d-sh--w- c:\documents and settings\All Users\Application Data\e2c9694
2010-02-16 11:58 . 2010-02-16 11:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-10 03:08 . 2010-02-10 03:08 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Yandex
2010-02-10 03:07 . 2010-02-10 03:08 -------- d-----w- c:\documents and settings\Home User\Application Data\Yandex
2010-02-09 03:31 . 2010-02-26 10:39 -------- d-----w- c:\program files\Windows Defender
2010-02-09 01:35 . 2010-02-09 01:35 -------- d-----w- c:\documents and settings\Home User\Application Data\BitZipper
2010-02-09 01:35 . 2010-02-09 01:35 -------- d-----w- c:\program files\BitZipper
2010-02-09 01:33 . 2010-02-09 01:34 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\WeatherBug
2010-02-09 01:33 . 2010-02-09 01:33 -------- d-----w- c:\documents and settings\Home User\Application Data\WeatherBug
2010-02-09 01:32 . 2010-02-09 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 03:11 . 2008-09-07 03:48 -------- d-----w- c:\program files\Java
2010-03-06 15:32 . 2007-06-19 21:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-06 15:32 . 2009-11-29 00:30 -------- d-----w- c:\documents and settings\Home User\Application Data\GetRightToGo
2010-03-05 09:56 . 2007-04-08 18:51 48960 ----a-w- c:\documents and settings\Home User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-04 13:31 . 2010-03-04 13:31 3 ----a-w- c:\windows\system32\~msw1.tmp
2010-03-03 01:14 . 2010-03-03 01:13 3 ----a-w- c:\windows\system32\~msw0.tmp
2010-02-09 01:32 . 2009-08-12 01:18 -------- d-----w- c:\program files\Yahoo!
2010-02-02 22:00 . 2009-12-24 02:09 -------- d-----w- c:\program files\iTunes
2010-02-02 21:59 . 2010-02-02 21:59 -------- d-----w- c:\program files\iPod
2010-02-02 21:59 . 2009-12-24 02:06 -------- d-----w- c:\program files\Common Files\Apple
2010-02-02 21:54 . 2010-02-02 21:54 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-22 05:41 . 2010-01-22 05:41 -------- d-----w- c:\program files\Microsoft
2010-01-22 05:41 . 2010-01-22 05:40 -------- d-----w- c:\program files\Windows Live
2010-01-22 05:41 . 2010-01-22 05:41 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-22 05:37 . 2010-01-22 05:37 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-31 16:14 . 2001-08-18 12:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 20:21 . 2009-12-30 20:21 152576 -c--a-w- c:\documents and settings\Home User\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-12-21 19:14 . 2004-01-08 19:23 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 12:58 . 2007-04-08 16:54 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2001-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 18:55 . 2001-08-18 12:00 2180352 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:19 . 2001-08-18 12:00 2057728 ----a-w- c:\windows\system32\ntkrnlpa.exe
2004-08-04 07:56 . 2004-08-04 07:56 102400 --sh--r- c:\windows\system32\Setup\MPClient.exe
2004-08-04 07:56 . 2004-08-04 07:56 40960 --sh--r- c:\windows\system32\Setup\MPSvc.exe
2004-08-04 07:56 . 2004-08-04 07:56 40960 --sh--r- c:\windows\system32\Setup\TableTextService.exe
2004-08-04 07:56 . 2010-02-09 03:31 28672 --sh--r- c:\windows\system32\Setup\zf32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Microsoft Text Input Processor"="c:\program files\Common Files\System\TableTextService.exe" [2004-08-04 40960]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"Microsoft Text Input Processor"="c:\program files\Common Files\System\TableTextService.exe" [2004-08-04 40960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:2a4d3768e9

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Defender\\MPClient.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/6/2010 12:20 PM 162512]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/6/2010 12:20 PM 19024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
S3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [6/19/2007 8:30 AM 9344]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [9/9/2002 1:53 PM 17018]
.
Contents of the 'Scheduled Tasks' folder

2010-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-03-06 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-03-06 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2010-03-06 c:\windows\Tasks\User_Feed_Synchronization-{380B9FD7-5C64-4F73-8441-1F58952FCB07}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

2010-03-07 c:\windows\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_HOME-S5CIHS2GLV_Home User.job
- c:\windows\system32\mobsync.exe [2001-08-18 07:56]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-{91397D20-1446-11D4-8AF4-0040CA1127B6} - c:\program files\Yandex\YandexBarIE\yndbar.dll
WebBrowser-{91397D20-1446-11D4-8AF4-0040CA1127B6} - c:\program files\Yandex\YandexBarIE\yndbar.dll
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKCU-Run-Adobe Update Manager - c:\program files\Adobe\Reader 9.0\Reader\AdobeUpdater.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 22:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2780)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\hpzipm12.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-06 22:34:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-07 03:34

Pre-Run: 3,620,306,944 bytes free
Post-Run: 3,642,847,232 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

- - End Of File - - 6B0263ED5B78F961F3E7A27FEAB65DFE



#10
March 6, 2010 at 20:36:06
Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
DIRLOOK::
c:\documents and settings\All Users\Application Data\SAEQGV
c:\documents and settings\All Users\Application Data\e2c9694

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop); if ComboFix does not auto-start, click "Run".

Please post the log that is produced.

Set up the computer to view hidden files:
To show hidden files do the following:
Click Start > My Computer
On the Tools menu, click Folder Options.
Click the View tab.
Uncheck Hide file extensions for known file types.
Uncheck Hide protected operating system files.
Under the Hidden files folder, locate and check Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply > OK.

Please go to Virus Total and upload the following files one at the time for analysis:

c:\windows\system32\mlfcache.dat

c:\windows\system32\~msw1.tmp

Use the browse button at the site to find the file; once you find the file, double-click it and it should appear in the empty space to the left of the browse button, then click "Send file". If the file has already been analyzed, click the reanalyze button to have it checked again.

Post the results in your reply.



#11
March 7, 2010 at 08:38:17
I still don't know what you mean when you say post everything between the X's. This was all you gave me:

DIRLOOK::
c:\documents and settings\All Users\Application Data\SAEQGV
c:\documents and settings\All Users\Application Data\e2c9694

Also, I don't know what notepad you're talking about. A little more clarification would help, thanks.



#12
March 7, 2010 at 08:54:34
Notepad is one of two text editors in XP; WordPad would be the other. We want you to use Notepad. Go to Start > Run, type in notepad, then click OK; Notepad will open. Copy this from response #10 (which is everything between the X's):

DIRLOOK::
c:\documents and settings\All Users\Application Data\SAEQGV
c:\documents and settings\All Users\Application Data\e2c9694

Then paste it in notepad with DIRLOOK:: in the very top left corner of the page.

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop); if ComboFix does not auto-start, click "Run".

Then post the result from Combofix.



#13
March 7, 2010 at 10:45:07
ComboFix 10-03-07.02 - Home User 03/07/2010 13:36:55.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.422 [GMT -5:00]
Running from: c:\documents and settings\Home User\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Home User\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\zf32.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.

2010-03-07 09:57 . 2010-03-07 09:57 -------- d-----w- c:\windows\LastGood
2010-03-07 03:09 . 2010-03-07 03:10 152576 ----a-w- c:\documents and settings\Home User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-07 03:09 . 2010-03-07 03:10 79488 ----a-w- c:\documents and settings\Home User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-06 22:54 . 2010-03-06 22:54 -------- dc----w- C:\_OTL
2010-03-06 21:47 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-06 21:47 . 2010-03-06 21:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-06 21:47 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-06 17:22 . 2010-03-06 17:22 52224 ----a-w- c:\documents and settings\Home User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-06 17:22 . 2010-03-06 17:22 117760 ----a-w- c:\documents and settings\Home User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-06 17:22 . 2010-03-06 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-06 17:21 . 2010-03-06 17:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-06 17:21 . 2010-03-06 17:21 -------- d-----w- c:\documents and settings\Home User\Application Data\SUPERAntiSpyware.com
2010-03-06 17:20 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-06 17:20 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-06 17:20 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-06 17:20 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-06 17:20 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-06 17:20 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-06 17:20 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-06 17:18 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-06 17:18 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-06 17:13 . 2010-03-06 17:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-06 15:33 . 2010-03-06 15:33 -------- d-----w- c:\program files\VS Revo Group
2010-03-06 15:33 . 2010-03-06 15:33 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Microsoft Help
2010-03-06 14:53 . 2010-03-06 15:26 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-03-06 14:53 . 2010-03-06 14:53 -------- d-----w- c:\program files\MSECACHE
2010-03-05 19:43 . 2010-03-06 15:33 -------- d-----w- c:\program files\QuickTime
2010-03-05 10:06 . 2010-03-05 10:06 -------- d-----w- c:\documents and settings\Home User\Application Data\DriverCure
2010-03-05 10:06 . 2010-03-05 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-03-05 10:06 . 2010-03-05 10:06 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-03-05 10:06 . 2010-03-05 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-03-05 03:07 . 2010-03-06 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-28 14:36 . 2010-02-28 14:36 -------- d-----w- c:\program files\Alwil Software
2010-02-28 14:36 . 2010-02-28 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-23 21:10 . 2010-02-23 21:10 44080 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-23 04:03 . 2010-02-23 04:03 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SAEQGV
2010-02-23 04:02 . 2010-03-02 19:48 -------- d-sh--w- c:\documents and settings\All Users\Application Data\e2c9694
2010-02-16 11:58 . 2010-02-16 11:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-10 03:08 . 2010-02-10 03:08 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Yandex
2010-02-10 03:07 . 2010-02-10 03:08 -------- d-----w- c:\documents and settings\Home User\Application Data\Yandex
2010-02-09 03:31 . 2010-02-26 10:39 -------- d-----w- c:\program files\Windows Defender
2010-02-09 01:35 . 2010-02-09 01:35 -------- d-----w- c:\documents and settings\Home User\Application Data\BitZipper
2010-02-09 01:35 . 2010-02-09 01:35 -------- d-----w- c:\program files\BitZipper
2010-02-09 01:33 . 2010-02-09 01:34 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\WeatherBug
2010-02-09 01:33 . 2010-02-09 01:33 -------- d-----w- c:\documents and settings\Home User\Application Data\WeatherBug
2010-02-09 01:32 . 2010-02-09 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 03:11 . 2008-09-07 03:48 -------- d-----w- c:\program files\Java
2010-03-06 15:32 . 2007-06-19 21:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-06 15:32 . 2009-11-29 00:30 -------- d-----w- c:\documents and settings\Home User\Application Data\GetRightToGo
2010-03-05 09:56 . 2007-04-08 18:51 48960 ----a-w- c:\documents and settings\Home User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-04 13:31 . 2010-03-04 13:31 3 ----a-w- c:\windows\system32\~msw1.tmp
2010-03-03 01:14 . 2010-03-03 01:13 3 ----a-w- c:\windows\system32\~msw0.tmp
2010-02-09 01:32 . 2009-08-12 01:18 -------- d-----w- c:\program files\Yahoo!
2010-02-02 22:00 . 2009-12-24 02:09 -------- d-----w- c:\program files\iTunes
2010-02-02 21:59 . 2010-02-02 21:59 -------- d-----w- c:\program files\iPod
2010-02-02 21:59 . 2009-12-24 02:06 -------- d-----w- c:\program files\Common Files\Apple
2010-02-02 21:54 . 2010-02-02 21:54 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-22 05:41 . 2010-01-22 05:41 -------- d-----w- c:\program files\Microsoft
2010-01-22 05:41 . 2010-01-22 05:40 -------- d-----w- c:\program files\Windows Live
2010-01-22 05:41 . 2010-01-22 05:41 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-22 05:37 . 2010-01-22 05:37 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-31 16:14 . 2001-08-18 12:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 20:21 . 2009-12-30 20:21 152576 -c--a-w- c:\documents and settings\Home User\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-12-21 19:14 . 2004-01-08 19:23 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 12:58 . 2007-04-08 16:54 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2001-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 18:55 . 2001-08-18 12:00 2180352 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:19 . 2001-08-18 12:00 2057728 ------w- c:\windows\system32\ntkrnlpa.exe
2004-08-04 07:56 . 2004-08-04 07:56 102400 --sh--r- c:\windows\system32\Setup\MPClient.exe
2004-08-04 07:56 . 2004-08-04 07:56 40960 --sh--r- c:\windows\system32\Setup\MPSvc.exe
2004-08-04 07:56 . 2004-08-04 07:56 40960 --sh--r- c:\windows\system32\Setup\TableTextService.exe
2004-08-04 07:56 . 2010-02-09 03:31 28672 --sh--r- c:\windows\system32\Setup\zf32.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\e2c9694 ----

2010-02-27 16:54 . 2010-02-27 16:54 4286 ----a-w- c:\documents and settings\All Users\Application Data\e2c9694\SAV.ico
2010-02-27 16:54 . 2007-06-19 13:34 798 ----a-w- c:\documents and settings\All Users\Application Data\e2c9694\BackUp\HP Image Zone Fast Start.lnk
2010-02-27 16:54 . 2007-06-19 13:36 1808 ----a-w- c:\documents and settings\All Users\Application Data\e2c9694\BackUp\HP Digital Imaging Monitor.lnk
2010-02-27 16:53 . 2010-02-27 16:53 11380 ----a-w- c:\documents and settings\All Users\Application Data\e2c9694\SAVSys\vd952342.bd

---- Directory of c:\documents and settings\All Users\Application Data\SAEQGV ----

2010-02-23 04:03 . 2010-03-02 13:47 23451 --sha-w- c:\documents and settings\All Users\Application Data\SAEQGV\SAXEDBBLHV.cfg


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Microsoft Text Input Processor"="c:\program files\Common Files\System\TableTextService.exe" [2004-08-04 40960]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"Microsoft Text Input Processor"="c:\program files\Common Files\System\TableTextService.exe" [2004-08-04 40960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:2a4d3768e9

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Defender\\MPClient.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/6/2010 12:20 PM 162512]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/6/2010 12:20 PM 19024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
S3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [6/19/2007 8:30 AM 9344]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [9/9/2002 1:53 PM 17018]
.
Contents of the 'Scheduled Tasks' folder

2010-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-03-06 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-03-06 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2010-03-06 c:\windows\Tasks\User_Feed_Synchronization-{380B9FD7-5C64-4F73-8441-1F58952FCB07}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

2010-03-07 c:\windows\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_HOME-S5CIHS2GLV_Home User.job
- c:\windows\system32\mobsync.exe [2001-08-18 07:56]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 13:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-03-07 13:43:47
ComboFix-quarantined-files.txt 2010-03-07 18:43
ComboFix2.txt 2010-03-07 03:34

Pre-Run: 3,456,147,456 bytes free
Post-Run: 3,506,814,976 bytes free

- - End Of File - - 614F55269AA147C1FC442990DC4A9F1A



#14
March 7, 2010 at 11:30:30
There are bad files hidden in those folders, good job.

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
Folder::
c:\documents and settings\All Users\Application Data\SAEQGV
c:\documents and settings\All Users\Application Data\e2c9694
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop); if ComboFix does not auto-start, click "Run".

A little clean-up to do.

Delete DDS from your desktop

Go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.

Next create a new restore point. Go to Start > Run > type in msconfig > OK > click Launch System Restore > check the circle beside "Create a restore point" > Next > name it today's date > Create > click Home > exit the System Configuration Utility > restart the computer.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Let me know how the computer is operating.


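The helper in #10 and #14 singled out the SAEQGV and e2c9694 folders from a log of several hundred lines because they are the only entries under All Users\Application Data whose attribute string is d-sh--w- (hidden and system set), and the DIRLOOK:: output confirmed they hold a hidden .cfg file and a SAVSys data file that no installed product accounts for. The script below is an added example, not part of the thread and not a ComboFix feature: it parses a handful of listing lines in the same format and applies that triage rule, plus the same check for hidden+system files under system32. The field layout (created . modified size flags path) and the meaning of the flag positions are inferred from the entries in this log and are an assumption; SAMPLE_LOG is a constructed sample of lines copied from the log above, and SHARED_APPDATA, SYSTEM32, parse_listing and triage are names chosen here. The output is a list of review candidates, not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample in the style of the "Files Created" / "Find3M" listings
# above: a few lines copied from the log in this thread, not the whole log.
SAMPLE_LOG = r"""
2010-03-06 17:21 . 2010-03-06 17:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-23 21:10 . 2010-02-23 21:10 44080 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-23 04:03 . 2010-02-23 04:03 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SAEQGV
2010-02-23 04:02 . 2010-03-02 19:48 -------- d-sh--w- c:\documents and settings\All Users\Application Data\e2c9694
2010-02-09 01:32 . 2010-02-09 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2004-08-04 07:56 . 2010-02-09 03:31 28672 --sh--r- c:\windows\system32\Setup\zf32.dll
2004-08-04 07:56 . 2004-08-04 07:56 102400 --sh--r- c:\windows\system32\Setup\MPClient.exe
"""

# One listing line: "<created> . <modified> <size or --------> <8 flag chars> <path>".
# This field layout is inferred from the entries in the log above (assumption).
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) ([a-z-]{8}) (.+)$"
)


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]
    flags: str
    path: str

    # Flag positions as they appear in the log (assumption): 0 = d (directory),
    # 1 = c (compressed), 2 = s (system), 3 = h (hidden), 4 = a (archive),
    # 6 = w (writable) or r (read-only).
    @property
    def is_dir(self) -> bool:
        return self.flags[0] == "d"

    @property
    def system(self) -> bool:
        return self.flags[2] == "s"

    @property
    def hidden(self) -> bool:
        return self.flags[3] == "h"

    @property
    def read_only(self) -> bool:
        return self.flags[6] == "r"


def parse_listing(text: str) -> List[Entry]:
    """Parse listing lines; banners, blank lines and '.' separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, flags, path = m.groups()
        entries.append(Entry(
            created=datetime.strptime(created, "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            size=None if size.startswith("-") else int(size),
            flags=flags,
            path=path,
        ))
    return entries


SHARED_APPDATA = "\\all users\\application data\\"   # XP's all-users profile data
SYSTEM32 = "\\windows\\system32\\"


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for entries that deserve a manual look.

    This is a ranking for review, not a verdict: a legitimate product can
    also create hidden+system objects, so each hit still has to be checked
    (the DIRLOOK:: step above, a hash lookup, or a VirusTotal upload).
    """
    findings: Dict[str, List[str]] = {}
    for e in entries:
        p = e.path.lower()
        reasons = []
        if e.hidden and e.system and SHARED_APPDATA in p:
            reasons.append("hidden+system entry in the shared Application Data folder")
        if e.hidden and e.system and not e.is_dir and SYSTEM32 in p:
            reasons.append("hidden+system file under system32")
        # Secondary signal, only reported on something already flagged: the
        # on-disk modification time is far later than the creation time.
        if reasons and (e.modified - e.created).days > 30:
            reasons.append("modified long after it was created")
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, why in triage(parse_listing(SAMPLE_LOG)).items():
        print(path)
        for r in why:
            print("   -", r)
```

Run against the sample it reports the two Application Data folders the helper removed and the two hidden+system files under system32\Setup, and leaves mlfcache.dat alone (hidden but not system). The system32\Setup hits are exactly the kind of entry that should go through the VirusTotal step in #10 rather than straight into a Folder:: deletion.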

#15
March 8, 2010 at 14:27:49
The computer's working great! Thanks again.


#16
March 8, 2010 at 14:31:10
Glad we could help.


