Redirect internet search, popups too

Gateway / Mx8739
January 10, 2010 at 10:40:59
Specs: Microsoft Windows Vista Home Premium, 1.733 GHz / 1013 MB
Hi. All my internet searches are being redirected. I have tried a lot of amateur fixes like virus scans and restoring to an older Windows update. The fix will work for one or two searches. Please help.

I have my Hijack this report ready to post.

Thanks in advance.


#1
January 10, 2010 at 15:20:03
Try restoring the Internet Options and firewall options, and under Connections in Internet Options check the LAN settings to see if you're going through a proxy.

#2
January 10, 2010 at 15:45:08
Please post your HijackThis log.

#3
January 10, 2010 at 16:24:42
Hi.

Hijack this report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:07 PM, on 1/2/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\OfficeGuardian\reminder\SacReminder.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage....
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage....
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SanaSafeConnect] "C:\Program Files\Suze Orman\Identity Theft Kit\agent\bin\SanaSafeConnect.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SacReminder] C:\ProgramData\OfficeGuardian\reminder\SacReminder.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SanaSafeConnectAgent - Sana Security - C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaAgent.exe
O23 - Service: SanaSafeConnectWatcher - Sana Security - C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
--
End of file - 7696 bytes


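A small triage script for logs in the HijackThis format posted above, added here as an example and not part of the thread or of HijackThis itself. It applies defender-side heuristics that matter in a search-redirect case (start/search URLs pointing at an unexpected host, proxy settings, hosts-file entries other than localhost, add-ons loaded from unusual directories, entries whose file is missing); the allow-list of expected hosts, the trusted directories and the sample log are all constructed assumptions for this example.

```python
"""Triage a HijackThis v2 log for entries relevant to a search-redirect complaint.
Added example, not part of the original thread or of HijackThis. Heuristics: R0/R1
start/search URLs off an allow-list, proxy settings, hosts-file entries that are not
plain localhost mappings, add-ons loaded from odd directories, missing-file entries.
"""
import re
from urllib.parse import urlparse

EXPECTED_HOSTS = {"www.gateway.com", "go.microsoft.com", "www.google.com"}  # assumption
PROXY_KEYS = {"ProxyServer", "ProxyOverride", "AutoConfigURL"}
TRUSTED_DIRS = ("c:\\program files", "c:\\windows", "%programfiles%")  # heuristic only
MISSING = ("(no file)", "(file missing)")
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")

def triage_line(line):
    """Return (severity, reason) for one log line, or None if it looks unremarkable."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec in ("R0", "R1"):
        # "<hive>\<key>,<value name> = <data>"
        key, _, value = body.partition(" = ")
        name, value = key.rsplit(",", 1)[-1], value.strip()
        if name in PROXY_KEYS and value:
            return ("review", f"proxy setting present: {name} = {value}")
        if value.startswith(("http://", "https://")):
            host = urlparse(value).netloc.lower().split(":")[0]
            if host and host not in EXPECTED_HOSTS:
                return ("suspicious", f"{name} points at unexpected host {host}")
        return None
    if sec == "O1":
        # "Hosts: <address> <name>"; only loopback -> localhost mappings are expected
        parts = body.split(":", 1)[1].split()
        if len(parts) >= 2 and not (parts[0] in ("127.0.0.1", "::1") and parts[1] == "localhost"):
            return ("suspicious", f"hosts file maps {parts[1]} to {parts[0]}")
        return None
    if body.endswith(MISSING):
        return ("cleanup", f"{sec} entry references a missing file")
    if sec in ("O2", "O3", "O9"):
        # BHO / toolbar / extra button: the last " - " field is the component path
        path = body.rsplit(" - ", 1)[-1].strip().lower()
        if not path.startswith(TRUSTED_DIRS):
            return ("review", f"{sec} component loaded from unusual location: {path}")
    return None

def triage_log(text):
    """Run triage_line over every line of a log; findings come back in log order."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]

# Constructed sample in HijackThis format (not the log posted in the thread).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.redirector.invalid/find?q=%s
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.7 www.google.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
"""

if __name__ == "__main__":
    for severity, reason in triage_log(SAMPLE_LOG):
        print(f"[{severity}] {reason}")
```

Entries it flags are only starting points for a manual look; a legitimate corporate proxy or a vendor add-on outside Program Files will show up as "review" too.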
#4
January 10, 2010 at 16:27:50
I also reset all my settings in my internet options and firewall settings.

#5
January 10, 2010 at 17:02:41
Your java is out of date and may have been exploited.
Download the latest version of Java from this link: Java
Click on the JRE 6 Update 17 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed
Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.

Please download ComboFix with Internet Explorer instead of Firefox (if you have it).

Remember, your CA antivirus and Windows Defender must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename combofix.exe to Combo-Fix > click save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


#6
January 10, 2010 at 18:16:49
Hi.

ComboFix 10-01-04.01 - Erola 01/10/2010 19:51:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.440 [GMT -6:00]
Running from: c:\users\Erola\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3794427647-3927051111-2602980719-500
c:\windows\system32\BSTIeprintctl1.dll
D:\Autorun.inf

Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
.

2010-01-11 02:02 . 2010-01-11 02:04 -------- d-----w- c:\users\Erola\AppData\Local\temp
2010-01-11 02:02 . 2010-01-11 02:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-11 01:18 . 2010-01-11 01:18 -------- d-----w- c:\programdata\SITEguard
2010-01-11 01:17 . 2010-01-11 01:17 -------- d-----w- c:\program files\Common Files\iS3
2010-01-11 01:17 . 2010-01-11 01:35 -------- d-----w- c:\programdata\STOPzilla!
2010-01-10 04:23 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-01-10 04:23 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-01-10 04:22 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-10 04:22 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-10 04:10 . 2010-01-10 04:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-10 03:59 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-01-10 03:59 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-10 03:59 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-01-10 03:33 . 2009-11-21 06:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-10 03:32 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2010-01-10 03:18 . 2010-01-10 03:18 -------- d-----w- c:\users\Erola\AppData\Local\Seven Zip
2010-01-02 20:54 . 2010-01-02 20:54 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 02:05 . 2008-02-18 23:02 66560 --sha-w- c:\programdata\ExtendMedia\Media Agent\ac.dll
2010-01-11 01:26 . 2010-01-11 01:26 496 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-01-10 09:09 . 2007-07-03 09:42 -------- d-----w- c:\programdata\Microsoft Help
2010-01-10 05:17 . 2007-07-03 09:31 250368 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-01-10 04:09 . 2007-07-03 09:47 -------- d-----w- c:\program files\Java
2010-01-10 03:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-01-10 03:08 . 2009-08-05 20:20 -------- d-----w- c:\programdata\OfficeGuardian
2010-01-10 03:08 . 2007-07-03 09:44 -------- d-----w- c:\program files\Microsoft Works
2010-01-09 23:26 . 2009-09-11 01:28 -------- d-----w- c:\programdata\CA
2010-01-09 23:26 . 2009-09-11 01:27 -------- d-----w- c:\program files\CA
2009-11-27 22:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-11-27 22:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-11-27 22:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-27 22:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-11-27 22:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-11-27 22:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-11-21 06:40 . 2010-01-10 03:34 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2010-01-10 03:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2010-01-10 03:34 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-14 03:07 . 2009-11-14 03:06 -------- d-----w- c:\program files\iTunes
2009-11-14 03:06 . 2009-11-14 03:06 -------- d-----w- c:\program files\iPod
2009-11-14 03:06 . 2009-03-09 21:47 -------- d-----w- c:\program files\Common Files\Apple
2009-11-14 03:01 . 2009-11-14 03:01 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-07 00:43 . 2009-05-15 19:10 126970 ----a-w- c:\users\Erola\AppData\Roaming\Move Networks\uninstall.exe
2009-11-07 00:43 . 2009-08-03 21:48 4187512 ----a-w- c:\users\Erola\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
2009-11-03 02:42 . 2009-10-03 00:45 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-11-27 14:11 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-16 19:48 . 2009-06-16 06:35 4183416 ----a-w- c:\users\Erola\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SacReminder"="c:\programdata\OfficeGuardian\reminder\SacReminder.exe" [2009-06-02 825152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SanaSafeConnect"="c:\program files\Suze Orman\Identity Theft Kit\agent\bin\SanaSafeConnect.exe" [2007-10-19 1731096]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-10 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-05-04 40072]

c:\users\Erola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):aa,11,36,91,b1,6f,ca,01

R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [1/16/2008 3:57 PM 814728]
R2 SanaSafeConnectAgent;SanaSafeConnectAgent;c:\program files\Suze Orman\Identity Theft Kit\agent\Bin\SanaAgent.exe [10/18/2007 6:23 PM 5218328]
R2 SanaSafeConnectWatcher;SanaSafeConnectWatcher;c:\program files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe [10/18/2007 6:23 PM 547352]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\rtl8187B.sys [7/3/2007 3:36 AM 251904]
R3 SanaSafeConnectDriver;SanaSafeConnectDriver;c:\program files\Suze Orman\Identity Theft Kit\agent\driver\platform_VISTA\SafeConnectDriver.sys [10/18/2007 6:24 PM 160280]
R3 SanaSafeConnectFilter;SanaSafeConnectFilter;c:\program files\Suze Orman\Identity Theft Kit\agent\driver\platform_VISTA\SafeConnectFilter.sys [10/18/2007 6:24 PM 30232]
R3 SanaSafeConnectShim;SanaSafeConnectShim;c:\program files\Suze Orman\Identity Theft Kit\agent\driver\platform_VISTA\SafeConnectShim.sys [10/18/2007 6:24 PM 29216]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 4:25 AM 2589184]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX8739
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 20:07
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-01-10 20:16:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-11 02:16

Pre-Run: 59,838,390,272 bytes free
Post-Run: 59,899,928,576 bytes free

- - End Of File - - B75582E90C8BEF91D3714D59EE0A6E9D

Thanks again!


#7
January 10, 2010 at 19:05:47
If you are not being redirected do the following, if you are let me know.

A little clean-up to do.

Go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Using the following guide at the provided link you need to empty the restore folder and create a new restore point. The information is at the bottom of the page.

Do not do a system restore; you just want to empty the infected one on your computer.


ComboFix

You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Glad we could help.


#8
January 10, 2010 at 19:29:08
Hi.

This seems to have done it. You are my hero.

I have made all the updates you have suggested and if you have any further suggestions, I'm all ears or eyes.

Would you recommend a different security system than CA...I had been using it because it was free but it makes my computer run slow and obviously has problems.

Thanks.


#9
January 10, 2010 at 19:36:25
I use AVG 9.0 free version but CA is supposed to be good...nothing will stop these types of infections 100% of the time. AVG might help with the speed.
